Date: Wed, 18 Jun 2008 17:01:47 +0200 (CEST)
From: "rembrandt" <rembrandt@...erlin.de>
To: full-disclosure@...ts.grok.org.uk
Subject: screen 4.03 password bypass vuln - UPDATE (for
	you sec dudes...)

Well, I improved the advisory I released a while ago after I found several
websites which claim that this is a fake/myth sec. problem because they
were not able to reproduce it on their boxes...

The updated version is available at milw0rm (thanks to str0ke) and I
recommend that all who mirrored the article update it.

milw0rm link:
http://www.milw0rm.com/exploits/4028

I even included a lil example to make it foolproof... I was really
impressed that some do think it's a fake/myth and claim that on their
website.

So it would be nice if the guys at osvdb.org (and others) would update
their articles, rating and whatever else matters to them to correct their
statements....

I have now named an OS and how to reproduce it.
So feel free to install oBSD in a VM. ;]

The new version of the "improved" advisory is attached too for your
convenience. The bug itself is still the old one....


Kind regards,
Rembrandt
View attachment "screen_4_0_3_password_bypass_openbsd.txt" of type "text/plain" (2620 bytes)
