Unix offers no security against local users either. If I can sit at the console, I can login in single user mode, mount the drives rw and edit /etc/passwd all day.Windows offers no security against local users. It is trivial to boot to a program like ERD Commander and replace admin passwords. On the other hand, PuTTy is meant to protect against everyone; that's why it doesn't allow saved passwords. Thus, this seems like a vulnerability to me.
Furthermore, I can take any hard drive, with any file system on it, and with the right tools I can read everything on the drive, even deleted stuff.
So what's your point? That when you own the box you own the box?If you first have to own the box to get to the information, then it's not a vulnerability. It's not best practice, but it's not a vulnerability.
Paul Schmehl (pauls@xxxxxxxxxxxx) Senior Information Security Analyst The University of Texas at Dallas http://www.utdallas.edu/ir/security/
Attachment:
p7s866YA3o1IZ.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/