SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Networking Stack (NetWare)  >   NetWare Vendors:   Novell
Re: Novel Netware Allows Login Access With No Passwords
SecurityTracker Alert ID:  1001072
SecurityTracker URL:  http://securitytracker.com/id/1001072
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Mar 12 2001
Impact:   User access via network

Version(s): Netware 3.1-5.1
Description:   A vulnerability has been reported in the default configuration of Novell Netware that allows login access with no passwords.

A user reports successfully tesing this exploit with NW 5.1 SP2a using a queue based Print Server object. The user could login as the object with no password, but the object only had public rights (i.e., browse, compare and read), no volume scan, read or write rights.

Impact:   An attacker can log into a Netware network using a Print Server account and obtain the rights of the container that the Print Server resides in.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.novell.com (Links to External Site)
Cause:   Authentication error

Message History:   This archive entry is a follow-up to the message listed below.
Mar 12 2001 Novel Netware Allows Login Access With No Passwords



 Source Message Contents

Subject:  Re: Vulnerability in Novell Netware


We've tested this exploit with NW 5.1 SP2a using a 
queue based Print Server object.
We could login as the object with no password, but 
the object only had public rights (ie, browse, compare 
and read). 
No volume scan, read or write rights. 
Though it must have read rights to the print spool 
location.

By default the Print Server should not security 
equivelance to the container. 
But this may have been manually assigned in the 
environment where the vulnerability was discovered.

Ben Ponting


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC