[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] Re: cobalt factory usernames

Subject: [cobalt-security] Re: cobalt factory usernames
From: cronus@xxxxxx
Date: Wed, 24 Jan 2001 15:00:26 GMT
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

> The specific usernames that I question are: "pop" and "operator"
> Are those installed into the raq3i by the factory?

I admin two Raq3 servers. One of them has accounts under the
usernames pop, operator and games. The other only has operator
and games but niether server actually has passwords for these
accounts. What I mean is that the shadow file contains an 
asterix ('*') which would never be the result of a crypt function
so the accounts cannot be logged into in the normal fashion. If
you were running a daemon as one of these accounts then the daemon
itself may have caused the hole.

Mark Anderson

Follow-Ups:
- Re: [cobalt-security] Re: cobalt factory usernames
  - From: Gossi The Dog

Prev by Date: Re: [cobalt-security] cobalt factory usernames
Next by Date: Re: [cobalt-security] cobalt factory usernames
Previous by thread: [cobalt-security] Fw: "Linux Gets Stateful Firewalling"
Next by thread: Re: [cobalt-security] Re: cobalt factory usernames

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index