SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Networking Stack (NetWare)  >   NetWare Vendors:   Novell
Re: Novel Netware Allows Login Access With No Passwords
SecurityTracker Alert ID:  1001071
SecurityTracker URL:  http://securitytracker.com/id/1001071
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Mar 12 2001
Impact:   User access via network

Version(s): Netware 3.1-5.1
Description:   A vulnerability has been reported in the default configuration of Novell Netware that allows login access with no passwords.

A user reportedly tried it on Netware 4.11 SP9 and was able to log in as the print server, but with limited access to resources.

Impact:   An attacker can log into a Netware network using a Print Server account and obtain the rights of the container that the Print Server resides in.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.novell.com (Links to External Site)
Cause:   Authentication error

Message History:   This archive entry is a follow-up to the message listed below.
Mar 12 2001 Novel Netware Allows Login Access With No Passwords



 Source Message Contents

Subject:  Re: Vulnerability in Novell Netware


I tried it on Netware 4.11 SP9. Logged in as the print server , but with
limited access to resources. I didn't fully test after logged in, but it's
possible.
Brad B

On Fri, 9 Mar 2001, Derek Wilson wrote:

> Tested the Exploit on Netware 5.1 SP2 with the context and username set to the print server's context and username. I got an error
 logging in. No password was set for the print server (I don't think its possible). The printer was an NDPS printer. Does this only
 happen with "public access" printers, or was it a different service pack you tried it on?
>
> Derek Wilson
> wilsond@grandcasinos.com
> PPE Mid-South Region
> (V) 228.604.5106
> (P) 228.516.3945
>


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC