Re: (PM) PPPSmartAgent 1.0b5 available for open-beta (fwd)

Roy (garlic@garlic.com)
Thu, 11 Feb 1999 23:17:02 -0800

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: I don't work for Lucent RABU: "(PM) (RADIUS) Caller-Id check (fwd)"
Previous message: Thomas Kinnen: "Re: (PM) PPPSmartAgent 1.0b5 available for open-beta (fwd)"

What is expected is that debugging information (which has clear text
passwords in it) should NEVER NEVER NEVER be displayed to a session that
isn't authorized to receive it ESPECIALLY ONE THAT IS TOTALLY
UNAUTHENTICATED. You have a security hole that is documented and can
cause harm.

Thomas Kinnen wrote:
>
> Roy wrote:
> >
> > I think you are wrong on this one. Dial in with something like
> > hyperterminal and DON'T use PPP. Access as !root and login. Turn
> > debugging on. Disconnect and watch the fun as someone tries a PPP
> > connection while debugging info comes out the port.
>
> If you do that with out issueing a "set debug off' and "reset console" then it
> doing what is expected.
>
> ----
-
To unsubscribe, email 'majordomo@livingston.com' with
'unsubscribe portmaster-users' in the body of the message.
Searchable list archive: <URL:http://www.livingston.com/Tech/archive/>

Next message: I don't work for Lucent RABU: "(PM) (RADIUS) Caller-Id check (fwd)"
Previous message: Thomas Kinnen: "Re: (PM) PPPSmartAgent 1.0b5 available for open-beta (fwd)"