T.R | Title | User | Personal Name | Date | Lines |
---|
3637.1 | No break in for DECNIS security | MARVIN::RIGBY | No such thing as an alpha beta | Wed May 14 1997 11:05 | 12 |
| You can't over the network, and if you could it would be a security hole.
If you have an MPC-II (or -III) and have access to NCL from the console you
could get the information there. If you use TELNET to get to said console you
would need to supply the TELNET password, which you probably don't know either.
For large sums of money you could supply a dump, the information is in memory
and could, conceptually, be extracted from there as it isn't stored with one-way
encryption but we have no tools to help in this job and I'm sure it would be
much cheaper to just create the security information from scratch.
John
|
3637.2 | More money, but quicker ! | COMICS::WEIR | John Weir, UK Country Support | Wed May 14 1997 16:40 | 37 |
|
For even larger sums of money I'll tell you how to do it in about 30 seconds ;-)
Regards,
John Weir
Oh! BTW, all you have to do is get your DECnis dump to a VMS system and do
$ SEARCH nis_fred.dmp OBJ_19,LES$CTF
There are several occurrences of both OBJ_19 and LES$CTF, and shortly after
one or other of the occurrences (last occurrences in my dump) you will find the
usernames and passwords in clear text -- Obviously the NML one is shortly
after the OBJ_19 string and the CTF one is after the LES$CTF string.
|
3637.3 | Protect those dumps | MARVIN::RIGBY | No such thing as an alpha beta | Thu May 15 1997 09:27 | 5 |
| oh well, that blows it, we'll have to withdraw all versions of DECNIS code while
we fix this security hole.-)
This possibility once again emphasizes how important it is to make sure that any
DECNIS dumps you have lying around on your system are suitably protected.
|
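To act on the advice in 3637.3, the following added example (not part of the original thread, and not DEC code) audits a dump file that has been copied to a POSIX host: it reports whether the file contains the marker strings named in 3637.2 and whether anyone other than the owner can read it. The function names, the file name `nis_sample.dmp` and the sample contents are assumptions constructed for illustration; POSIX mode bits stand in for whatever protection scheme the host actually uses.

```python
import os
import stat
import tempfile

# Marker strings named in the thread; credentials sit shortly after them in a dump.
MARKERS = (b"OBJ_19", b"LES$CTF")

def marker_offsets(data: bytes) -> dict:
    """Return {marker: [byte offsets]} for every occurrence in the dump image."""
    found = {}
    for marker in MARKERS:
        offsets, pos = [], data.find(marker)
        while pos != -1:
            offsets.append(pos)
            pos = data.find(marker, pos + 1)
        found[marker.decode()] = offsets
    return found

def audit_dump(path: str) -> dict:
    """Report whether a dump holds credential markers and who can read it."""
    mode = os.stat(path).st_mode
    with open(path, "rb") as fh:
        hits = marker_offsets(fh.read())
    # Group- or world-readable means users other than the owner can read it.
    exposed = bool(mode & (stat.S_IRGRP | stat.S_IROTH))
    sensitive = any(hits.values())
    return {"path": path, "markers": hits, "readable_by_others": exposed,
            "needs_action": sensitive and exposed}

def build_sample(directory: str, mode: int) -> str:
    """Write a constructed dump-like file (no real DECNIS data) with the given mode."""
    path = os.path.join(directory, "nis_sample.dmp")  # hypothetical file name
    body = (b"\x00" * 64 + b"OBJ_19" + b"\x00" * 32 + b"LES$CTF"
            + b"\x00" * 16 + b"LES$CTF")
    with open(path, "wb") as fh:
        fh.write(body)
    os.chmod(path, mode)
    return path

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        sample = build_sample(tmp, 0o644)
        print(audit_dump(sample))   # markers present and readable by others
        os.chmod(sample, 0o600)     # restrict to owner only
        print(audit_dump(sample))   # markers present, no longer exposed
```

Restricting permissions only limits who can read the file; dumps that are no longer needed for diagnosis are better deleted.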