Re: Novel Netware Allows Login Access With No Passwords
|
|
SecurityTracker Alert ID: 1001072 |
|
SecurityTracker URL: http://securitytracker.com/id/1001072
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Mar 12 2001
|
Impact:
User access via network
|
|
Version(s): Netware 3.1-5.1
|
Description:
A vulnerability has been reported in the default configuration of Novell Netware that allows login access with no passwords.
A user reports successfully tesing this exploit with NW 5.1 SP2a using a queue based Print Server object. The user could login as the object with no password, but the object only had public rights (i.e., browse, compare and read), no volume scan, read or write rights.
|
Impact:
An attacker can log into a Netware network using a Print Server account and obtain the rights of the container that the Print Server resides in.
|
Solution:
No solution was available at the time of this entry.
|
Vendor URL: www.novell.com (Links to External Site)
|
Cause:
Authentication error
|
Underlying OS:
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Mon, 12 Mar 2001 00:54:36 -0000
Subject: Re: Vulnerability in Novell Netware
|
We've tested this exploit with NW 5.1 SP2a using a
queue based Print Server object.
We could login as the object with no password, but
the object only had public rights (ie, browse, compare
and read).
No volume scan, read or write rights.
Though it must have read rights to the print spool
location.
By default the Print Server should not security
equivelance to the container.
But this may have been manually assigned in the
environment where the vulnerability was discovered.
Ben Ponting
|
|
