TUCoPS :: SCO :: sco5095.htm

At installation cryptes admin password is world readable
13th Feb 2002 [SBWID-5095]
COMMAND

	At installation cryptes admin password is world readable

SYSTEMS AFFECTED

	UnixWare 7.1.X

PROBLEM

	Gogel, Derryle posted :
	

	Looks like a insecure file vuln exsists within the system  created  file
	when you do the initial install of SCO.
	

	Lets take a look here at /var/adm/isl/ifile
	

	root@cccy.br03D124# ls -l /var/adm/isl/ifile

	-rw-r--r--    1 root     root           4691 Sep 24  1999 /var/adm/isl/ifile

	

	And we all know the shadow file is read-only by root
	

	OWNER_NAME=\"Derryle Gogel\"

	USERNAME=\"Derryle Gogel\"

	OWNER_UID=\"101\"

	USERNUM=\"101\"

	OWNER_PW_ENCRYPTED=\"MM6GHkuVL0Pb6\"

	owner_pw_len=\"8\"

	ROOT_PW_ENCRYPTED=\"0N9VekO0riY8w\"

	password_len=\"6\"

	accept_pla=\"true\"

	PKGINSTALL=\"NEWINSTALL\"

	ROOTFS=\"vxfs\"

	

SOLUTION

	chmod

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH