Possible Kolab LDAP configuration information disclosure
Martin Konold
martin.konold at erfrakon.de
Tue Apr 20 20:47:36 CEST 2004
On Tuesday 20 April 2004 04:03 pm, Luca Villani wrote:
Hi
> > What are the access permissions on this file?
> But IMHO storing a password in clear text is a vulnerability tout court,
> even if permissions are 400.
Why? If you cannot trust root you are lost anyway.
> > What do you gain? The above encoded pw can also be used to replay...
>
> The above encoded pw is an SSHA encryption of the string
>
> averystrongpassword
What is the gain? (It can be abused also in the encoded form)
Yours,
-- martin
Dipl.-Phys. Martin Konold
e r f r a k o n
Erlewein, Frank, Konold & Partner - Beratende Ingenieure und Physiker
Nobelstrasse 15, 70569 Stuttgart, Germany
fon: 0711 67400963, fax: 0711 67400959
email: martin.konold at erfrakon.de