Bugtraq mailing list archives

Re: Xitami Webserver stores admin password in clear text.

From: Tom Micklovitch <h_bugtraq () yahoo com>
Date: Tue, 27 Nov 2001 02:13:58 -0800 (PST)

This is a known issue, and certainly on windows versions on Xitami, you actually have to create
the file defaults.aut yourself, as in, actually type in it's contents.

But you are correct - it would be nice if it was encoded somehow.

A more worrying issue is the fact that defaults.aut is world readable AND writable, hence if you
have shared the drive it's on, anyone on the local network can simply replace it with their password.

=====
Be Afraid. Be VERY Afraid.

__________________________________________________
Do You Yahoo!?
Yahoo! GeoCities - quick and easy web site hosting, just $8.95/month.
http://geocities.yahoo.com/ps/info1

Current thread:

Xitami Webserver stores admin password in clear text. Larry W. Cashdollar (Nov 26)
- Re: Xitami Webserver stores admin password in clear text. Tom Micklovitch (Nov 28)
  - Re: Xitami Webserver stores admin password in clear text. Larry W. Cashdollar (Nov 28)
- Re: Xitami Webserver stores admin password in clear text. Bernd Luevelsmeyer (Nov 28)