[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] SMC Router safe Login in plaintext

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] SMC Router safe Login in plaintext
From: Paul Schmehl <pauls@xxxxxxxxxxxx>
Date: Wed, 03 Sep 2003 20:09:49 -0500

--On Wednesday, September 03, 2003 17:14:04 -0500 "C. Church" <cchurch@xxxxxxxxxxxxxx> wrote:


Did you read what you just said?  How many ISPs have you called where they
would "Tell you what your password is"?  If your ISP can tell you what
your password is, let us know who it is, so we can all avoid them in the
future.

SBCGlobal.net, ATT.net to name two big ones.

Answer: they don't need to know your old password to change your password.
It's called permissions, and privileged access.  As root, or a priveleged
user, I can change anyone's password without having to know the old one.

<sarcasm mode="on">No, really? I would have never guessed.</sarcasm>

Think about it.

OK, I thought about it. Now what do I do?

BTW, when I say "tell you what your password is", what I mean is something like this, "Mr. Schmehl, your password is 1234qwer. Are you sure you're typing it right?"

Doh!

Paul Schmehl (pauls@xxxxxxxxxxxx)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] SMC Router safe Login in plaintext
  - From: Justin

References:
- Re: [Full-Disclosure] SMC Router safe Login in plaintext
  - From: C. Church

Prev by Date: [Full-Disclosure] FW: Microsoft Security Update
Next by Date: RE: [Full-Disclosure] Bill Gates blames the victim
Previous by thread: Re: [Full-Disclosure] SMC Router safe Login in plaintext
Next by thread: Re: [Full-Disclosure] SMC Router safe Login in plaintext
Index(es):
- Date
- Thread