From proff Fri Jul 19 11:46:33 1996 Received: (proff@localhost) by suburbia.net (8.7.4/Proff-950810) id LAA22496 for best-of-security; Fri, 19 Jul 1996 11:46:33 +1000 Received: from brimstone.netspace.org ([128.148.157.143]) by suburbia.net (8.7.4/Proff-950810) with ESMTP id KAA20102 for ; Fri, 19 Jul 1996 10:39:49 +1000 Received: from netspace.org ([128.148.157.6]) by brimstone.netspace.org with ESMTP id <23153-21009>; Thu, 18 Jul 1996 20:38:53 -0500 Received: from netspace.org (netspace [128.148.157.6]) by netspace.org (8.7/8.6.12) with SMTP id UAA18177; Thu, 18 Jul 1996 20:38:14 -0400 Received: from NETSPACE.ORG by NETSPACE.ORG (LISTSERV-TCP/IP release 1.8b) with spool id 177740 for BUGTRAQ@NETSPACE.ORG; Thu, 18 Jul 1996 20:25:20 +2000 Received: from netspace.org (netspace [128.148.157.6]) by netspace.org (8.7/8.6.12) with SMTP id UAA17229 for ; Thu, 18 Jul 1996 20:24:14 -0400 Approved-By: ALEPH1@UNDERGROUND.ORG Received: from command.com.inter.net (command.com.inter.net [38.250.25.1]) by netspace.org (8.7/8.6.12) with ESMTP id TAA13400 for ; Thu, 18 Jul 1996 19:46:44 -0400 Received: (from bogus@localhost) by command.com.inter.net (8.7.4/8.6.12) id RAA01077; Thu, 18 Jul 1996 17:50:46 GMT MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Approved-By: bogus technician Message-ID: Date: Thu, 18 Jul 1996 17:50:45 +0000 Reply-To: Bugtraq List Sender: proff From: bogus technician Subject: HPUX sam_exec To: Multiple recipients of list BUGTRAQ The sam_exec password is "x7vpa5jh". I sniffed the thing, and it doesn't look like the password is used at all during any of the transactions -- a .rhosts file gets installed in the sam_exec home dir, and r* methods are used. The password does exist in the clear, though, in the same place it's always been. strings through the shared library and it'll be right after the word 'None'; 9.x you'll see 'None' and then 'Yosemite' on the next line, 10.x you'll see 'None' and then 'x7vpa5jh' on the next line. (The remote access shared library is at /usr/sam/lib/ra/ra.sl, and it looks to be world readable by default.) Moo