[Xitami] Plaintext passwords on Bugtraq (again)

Francis Turner xitami@lists.xitami.org
Fri, 21 Jun 2002 14:22:48 +0200


http://online.securityfocus.com/archive/1/277941

Would someone from iMatix like to explain (again) to Bugtraq that read
access to any configuration file, whether or not it contains passwords, is
a huge security hole, but that in Windows with no user access control
you can't hide files?

Note that my (test) installation of Apache also has a clear text config
file in the conf directory. Any user on a Windows machine can read and
write any file in that directory also. Since I removed IIS for being a
security hazard I have no idea whether IIS also has a similar config
file/directory, but I'll bet that if not, anyone running regedit would be
in luck.

Francis

-- 
...if the US Government were ever to get really serious about Internet 
security, the top players in Microsoft's management hierarchy would find 
themselves handcuffed, blindfolded, led onto a tarmac within some obscure 
Air Force base, and shot.
-- Thomas C Greene (http://www.theregister.co.uk/content/55/23223.html)