old school security (was: IMS 5000 system password filed cracked)
Richard
legalize at xmission.com
Sun Apr 22 19:16:43 CDT 2007
In article <462BF461.4090406 at compsys.to>,
"Jerome H. Fine" <jhfinedp3k at compsys.to> writes:
> On the other hand, I suspect that the actual clear text of
> the userid / passwords should never have been stored in a
> file in the first place. If that is what you described (based
> on what you specified above), that was a VERY serious error
> in the security of the system. [...]
Lots of systems made that error. For instance, RSTS/E stored the
passwords in cleartext and you could list them out if you were a
privileged (1,*) user. I discovered that when you submitted a batch
job through the @ processor, it ran as user batch on account (1,2).
So it wasn't too hard to submit a batch job that ran the ACCOUN
program to list out the passwords.
--
"The Direct3D Graphics Pipeline" -- DirectX 9 draft available for download
<http://www.xmission.com/~legalize/book/download/index.html>
Legalize Adulthood! <http://blogs.xmission.com/legalize/>
More information about the cctech
mailing list