Bugtraq mailing list archives
Password unsecurity in cc:Mail release 8
From: aleph1 () DFW NET (Aleph One)
Date: Mon, 8 Sep 1997 13:17:04 -0500
Forwarded from RISKS DIGEST 19.37 Date: Fri, 05 Sep 1997 15:51:21 -0700 From: Carl Byington <carl () five-ten-sg com> Subject: Password unsecurity in cc:Mail release 8 After installing a cc:Mail release 8 postoffice (and link to smtp) on an NT3.51 machine, I noticed that the nightly reclaim process is scheduled via the standard NT "at" command which runs %systemroot%\~callmnt.bat. This batch file simply runs yet another batch file %systemroot%\~ccmaint.bat. Why do this? Because the second batch file is "hidden", but a simple "attrib" command removes that "protection", and then your master postoffice password is nicely visible. But you might ask, what are the NT security permissions on these batch files? Simply "everyone full control". Oh well, at least I don't need to worry about forgetting that password.
Current thread:
- Password unsecurity in cc:Mail release 8 Aleph One (Sep 08)