
Re: [cobalt-security] Passwords



Hello Mike,

Monday, August 27, 2001, 3:18:12 PM, you wrote:

MB> I have only been a part of this list for a short while and haven't had a
MB> chance to browse through the old threads so forgive me if this question
MB> has been answered.
 
MB> I changed the root password on my Raq4 a couple of weeks ago (To
MB> something I couldn't forget).  Well for some reason I had a major brain
MB> cramp and couldn't remember it.  I spent so much time trying different
MB> combinations that I thoroughly confused myself.  Well, I went into the
MB> web interface and changed the admin password to something else and lo
MB> and behold it changed the root password to that same thing.  Being that
MB> I couldn't remember the root password that was great, but then I got to
MB> thinking about the fact that if someone can get in as admin they can
MB> access root even if I have a different password set.

This is standard behavior on the RaQ line.  I too change the root
password so that it's different than that of admin's.  If this gives
you an added sense of security perhaps you should consider editing
srm.conf to change the location of the server admin interface.  You
can probably take it a step further by blocking direct access to the
actual location of the GUI files on the server.

MB> Are there any fixes/suggestions?  TIA

I imagine it would be fairly trivial to modify Cobalt's CGI that
resets the root password when admin's password is changed, but I'm not
aware of anyone having published this modification.

-- 
Steve Werby
President, Befriend Internet Services LLC
http://www.befriend.com/