[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] Re: Security Alert on MIPS based Cobalts

Subject: Re: [cobalt-security] Re: Security Alert on MIPS based Cobalts
From: Malcolm McLeary <mmcleary@xxxxxxx>
Date: Sun, 08 Oct 2000 10:39:48 +1100
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

on 8/10/00 8:11 AM, Rod Todd at rodd_todd_1999@xxxxxxxxx wrote:

> My favorite on the Qubes :
> www.domain.com:81/.cobalt/groupList
> It shows all the groups and if you click on a group,
> it shows you who all the names of members.

This is really bad!

    http://www.domain.com:81/.cobalt/groupList/

presents this page without a password prompt, while

    http://www.domain.com:81/.cobalt/sysManage/

prompts for a username and password.

There must be a relatively easy fix to this because my Gateway Microserver
does not have this problem ... it prompts for a password for both of these
URLs.

Anyone know if this is fixed in any OS Updates or Security Patches?

Would a .htaccess file restricting access to admin work?

Cheers,  Malcolm

Follow-Ups:
- Re: [cobalt-security] Re: Security Alert on MIPS based Cobalts
  - From: Malcolm McLeary

References:
- [cobalt-security] Re: Security Alert on MIPS based Cobalts
  - From: Rod Todd

Prev by Date: [cobalt-security] Re: Security Alert on MIPS based Cobalts
Next by Date: Re: [cobalt-security] Re: Security Alert on MIPS based Cobalts
Previous by thread: [cobalt-security] Re: Security Alert on MIPS based Cobalts
Next by thread: Re: [cobalt-security] Re: Security Alert on MIPS based Cobalts

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index