[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-security] Weak site user PW
- Subject: [cobalt-security] Weak site user PW
- From: "Roy A. Urick" <roy.urick@xxxxxxxxxxxxxxxx>
- Date: Wed, 12 Dec 2001 09:43:10 -0500
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
I am taking over several web sites, and found that the users for both sites
have VERY weak passwords... as in many are 3 digit numeric passwords (they
use birthdates of mo/yr). Once I finished shuddering at the fact of such a
weak set of passwords I started thinking.
As long as I dont allow telnet access or site admin status to any of these
weak users, would it be safe to add them with the existing passwords? I
noticed all I can see as a lowly site user is ftp-ing into my own local web
space.
Any exploits known for this? (dont need details, just a yes or no will
suffice. Dont wanna open others to issues if the bad guys are watching)
Roy
(still thinking about making them change them regardless just so I feel
better)