[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: Re: IIS 4.0 admin bug
From: Aleph One <aleph1 () UNDERGROUND ! ORG>
Date: 1999-06-25 17:58:15
[Download RAW message or body]
Folks, the password must be stored in clear text. The best you
can do is obfuscate it. Its just a fact you need the plain text
password under NT to impersonate an account unless they have connected
to the server through a named pipe or some other similar mechanism.
This is why IIS need to password to impersonate the account that
owns the directory to access it.
--
Aleph One / aleph1@underground.org
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic