Lucene search
netscape.directory.server.4.txt
๐๏ธย 17 Aug 1999ย 00:00:00Reported byย Paul BobbyTypeย 
ย packetstorm๐ย packetstormsecurity.com๐ย 18ย Views
Netscape Directory Server 4 leaves admin password file unsecured post-installation, presenting a security risk.
Show more
`Date: Mon, 03 May 1999 08:45:25 -0400
From: "Bobby, Paul" <[email protected]>
To: "'[email protected]'" <[email protected]>
Subject: bug/Netscape-DirectoryServer4
After installing Netscape's Directory Server 4 for Solaris, one of the final
options is to remove a file called 'install.inf' which the install process
claims could contain sensitive information. Answering yes to this question
will delete the file.
However there is another file left behind after installation which contains
the un-encrypted 'admin' password. This file has world read permissions and
is located in
/usr/netscape/server4/admin-serv/config/adm.conf
The parameter is seipid
---------------------------------------------------------------------------
Date: Mon, 03 May 1999 08:52:53 -0400
From: "Bobby, Paul" <[email protected]>
To: 'Packet Storm Security' <[email protected]>
Subject: RE: bug/Netscape-DirectoryServer4
The results of uname -a
SunOS zaphod 5.6 Generic_105181-12 sun4u sparc SUNW,Ultra-Enterprise
I haven't informed SUN, Bugtraq or Netscape about this yet.
`
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contactย us for a demo andย discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo17 Aug 1999 00:00Current
7.4High risk
Vulners AI Score7.4