[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] Weak site user PW

Subject: [cobalt-security] Weak site user PW
From: "Roy A. Urick" <roy.urick@xxxxxxxxxxxxxxxx>
Date: Wed, 12 Dec 2001 09:43:10 -0500
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

I am taking over several web sites, and found that the users for both sites
have VERY weak passwords... as in many are 3 digit numeric passwords (they
use birthdates of mo/yr). Once I finished shuddering at the fact of such a
weak set of passwords I started thinking.

As long as I dont allow telnet access or site admin status to any of these
weak users,  would it be safe to add them with the existing passwords? I
noticed all I can see as a lowly site user is ftp-ing into my own local web
space.

Any exploits known for this? (dont need details, just a yes or no will
suffice. Dont wanna open others to issues if the bad guys are watching)

Roy

(still thinking about making them change them regardless just so I feel
better)

Follow-Ups:
- Re: [cobalt-security] Weak site user PW
  - From: Jonathan Michaelson

Prev by Date: [cobalt-security] Should I worry
Next by Date: Re: [cobalt-security] Should I worry
Previous by thread: RE: [cobalt-security] Should I worry
Next by thread: Re: [cobalt-security] Weak site user PW

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index