On Mon, 11 Aug 1997, Stephen Fisher wrote:
>
> Which can easily be demonstrated:)
>
> Running the hd command on a file backed up with the pmreadconf command
> produces this:
>
> 00000000 01 63 6f 6e 66 69 67 00 00 00 00 00 00 00 00 00 |.config.........|
> 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
> 00000020 00 00 00 00 da 36 2e 31 00 00 00 00 00 00 00 00 |.....6.1........|
> 00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
> 00000040 00 00 00 00 00 00 00 00 00 40 00 ** ** ** ** ** |.........@.*****|
> 00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
> 00000060 00 00 00 00 00 00 00 00 00 00 00 ff 00 05 a2 ce |................|
> 00000070 ce 00 00 00 00 00 00 00 00 00 00 00 00 00 00 31 |...............1|
> ..and so on..
>
> The ***** on the forth line is the !root password.
>
> On Mon, 11 Aug 1997, Joe Hartley wrote:
>
> > MegaZone <megazone@livingston.com> wrote:
> > > Once upon a time Hans Schaechl shaped the electrons to say...
> > > >I never was too happy about the fact that the PM's
> > > >username/password information is stored in plain-
> > > >text in the configuration dump-files.
> > >
> > > The PM does not currently support saving configuations out in plain text
> > > at all.
> >
> > No, but the files that are created by pmreadconf on my Sun stores
> > various information in clear text, including the !root password, the
> > SNMP community, any login/passwords stored in a users table and the
> > RADIUS secret.
> >
> > Aquiring one of these dumps would make it very easy to begin to wreak
> > havok at an installation.
>
andy
++++
In Redmond, no one can hear you scream ...
My opinions, of course, are my own, unless they were given to me by my
employer.
Andrew Doolittle - Sr. Engineer Livingston Enterprises
email: andy@livingston.com vmail: (800)458-9966
smail: 4464 Willow Road, Pleasanton, CA 94588