


Category:   Networking Stack (NetWare)  >   NetWare
Vendors:   Novell
Re: Novell Netware Allows Login Access With No Passwords
SecurityTracker Alert ID:  1001086
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Mar 14 2001
Impact:   User access via network

Version(s): Netware 3.1-5.1
Description:   A vulnerability has been reported in the default configuration of Novell Netware that allows login access with no passwords.

One user notes that they have had high school students use printer accounts with no passwords. While logged in as the printer, the students have written to the print queue directory, filling up the SYS volume with games and pictures.

This was reportedly first observed in Netware 4.10 and has reportedly persisted in the versions since.

Impact:   An attacker can log into a Netware network using a Print Server account and obtain the rights of the container that the Print Server resides in.
Solution:   No solution was available at the time of this entry.
Cause:   Authentication error

Message History:   This archive entry is a follow-up to the message listed below.
Mar 12 2001 Novell Netware Allows Login Access With No Passwords

 Source Message Contents

Subject:  Re: Vulnerability in Novell Netware

There is one thing that might be overlooked here, or stated where I haven't read.

I have tested the same login via a printer name and no pass. I've had high school students do this and find out they can write to the print queue directory. Needless to say they filled up the SYS volume with games and pictures. We since created a separate partition just for the print queue, small enough to be able to print but they really cannot store any data. We also wrote a small program to go out and delete any files that weren't of the typical queue fashion, and then purge it.

We actually saw this in Netware 4.10, and it has followed since.

There used to be a Novell TID that showed how to lock down certain rights and still allow the printer to print. I have no idea if this is still out there or not, but sometimes the default rights aren't sufficient.
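
The cleanup program the poster mentions is not included in the message. As an added example (not code from the post or from Novell), this Python script audits a print queue directory against an allow-list of file names, reports what does not belong, and optionally deletes it; the file name patterns and the sample files are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Assumed naming for legitimate queue files (not from the post): adjust to
# what the print system in use really writes.
ALLOWED = [
    re.compile(r"^Q\$[0-9A-F]{4}\.(SYS|SRV)$", re.I),   # queue control files
    re.compile(r"^[0-9A-F]{8}\.Q$", re.I),              # spooled job files
]

def audit_queue_dir(queue_dir, delete=False):
    """Return (kept, unexpected) lists of (relative path, size) for queue_dir.

    Anything that is not a regular top-level file with an allowed name,
    including files in subdirectories and symlinks, counts as unexpected.
    With delete=True the unexpected entries are removed.
    """
    root = Path(queue_dir)
    kept, unexpected = [], []
    for path in sorted(root.rglob("*")):
        if path.is_dir() and not path.is_symlink():
            continue
        rel = path.relative_to(root)
        size = path.lstat().st_size
        ok = (len(rel.parts) == 1 and not path.is_symlink()
              and any(p.match(path.name) for p in ALLOWED))
        (kept if ok else unexpected).append((str(rel), size))
        if not ok and delete:
            path.unlink()
    return kept, unexpected

def demo():
    """Build a constructed queue directory, audit it, then enforce."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name, data in [("Q$01AB.SYS", b"x" * 10), ("00340001.Q", b"job"),
                           ("DOOM.EXE", b"g" * 500), ("pics/a.jpg", b"p" * 300)]:
            f = root / name
            f.parent.mkdir(exist_ok=True)
            f.write_bytes(data)
        report = audit_queue_dir(root)            # dry run: report only
        audit_queue_dir(root, delete=True)        # enforce the allow-list
        left = sorted(p.name for p in root.rglob("*") if p.is_file())
        return report, left

if __name__ == "__main__":
    (kept, unexpected), left = demo()
    print("unexpected:", unexpected, "bytes:", sum(s for _, s in unexpected))
    print("remaining files:", left)
```

Running the report-only pass first shows how much space non-queue files consume before anything is deleted.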

