lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20040827002824.758e9a8a@piglet.goo>
From: tigger at onemoremonkey.com (Tig)
Subject: Automated ssh scanning

On Thu, 26 Aug 2004 09:08:15 -0500 (CDT)
Ron DuFresne <dufresne@...ternet.com> wrote:

> 
> 
> the real thing this user most likely suffered from was the weak
> account passwd double, guest:guest.  Now, if the admin and other
> account were setup with strong passwd's and this account was either
> setup with a strong passwd or not setup at all might be a better test
> of the stability of ssh and the debain setup in question.
> 
> Thanks,
> 
> Ron DuFresne
> 

I think some people are not really reading or understanding what is
going on. The box was a default install with one or two weak passwords
for _user_ accounts and a _strong_ password for the root.

Withing a short while, the root account was compromised, after the weak
user account was broken. I suggest people re-read what Richard Verwayen
has been saying (in German English, but still very readable :])

Basically, if you have a weak password on a user account, your
root account on a Debain box is screwed, other *nix distros maybe as
well.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ