[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    Re: IIS 4.0 admin bug
From:       Aleph One <aleph1 () UNDERGROUND ! ORG>
Date:       1999-06-25 17:58:15
[Download RAW message or body]

Folks, the password must be stored in clear text. The best you
can do is obfuscate it. Its just a fact you need the plain text
password under NT to impersonate an account unless they have connected
to the server through a named pipe or some other similar mechanism.
This is why IIS need to password to impersonate the account that
owns the directory to access it.


--
Aleph One / aleph1@underground.org
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61  8C 39 EA 47 A8 6A B8 01

[prev in list] [next in list] [prev in thread] [next in thread]