lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
From: toddtowles at brookshires.com (Todd Towles) Subject: Automated ssh scanning I agree, so we are looking at a unknown local exploit for woody or we are all missing something. -----Original Message----- From: full-disclosure-admin@...ts.netsys.com [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Tig Sent: Thursday, August 26, 2004 9:28 AM To: full-disclosure@...ts.netsys.com Subject: Re: [Full-Disclosure] Automated ssh scanning On Thu, 26 Aug 2004 09:08:15 -0500 (CDT) Ron DuFresne <dufresne@...ternet.com> wrote: > > > the real thing this user most likely suffered from was the weak > account passwd double, guest:guest. Now, if the admin and other > account were setup with strong passwd's and this account was either > setup with a strong passwd or not setup at all might be a better test > of the stability of ssh and the debain setup in question. > > Thanks, > > Ron DuFresne > I think some people are not really reading or understanding what is going on. The box was a default install with one or two weak passwords for _user_ accounts and a _strong_ password for the root. Withing a short while, the root account was compromised, after the weak user account was broken. I suggest people re-read what Richard Verwayen has been saying (in German English, but still very readable :]) Basically, if you have a weak password on a user account, your root account on a Debain box is screwed, other *nix distros maybe as well. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists