Failing to properly use passwords on user and system accounts
- Using null passwords.
- Using trivially guessable passwords, such as name, username, "guest", "password", etc.
- Putting passwords in "clear" text in world-readable files.
- Using "+ +" in .rhosts, effectively world access with null passwords.

Allowing access to system or user files for unauthorized users
- Allowing world read (or read/write) access to system or user files, outside of authorized and intended areas, through anonymous FTP, NFS export, World Wide Web, Windows shares, or other means.
- Allowing world read/write access to the same directory, creating a "file drop" for unauthorized users.
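
An audit sketch for three of the items above (null passwords, "+ +" in .rhosts, and world read/write permissions), added here as an example and not part of the original page. The sample shadow-style and .rhosts contents are constructed, and the function names are hypothetical.

```python
import os
import stat

# Constructed sample inputs (not taken from any real system).
SAMPLE_SHADOW = """\
root:$6$constructedsalt$constructedhash:19000:0:99999:7:::
guest::19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
"""
SAMPLE_RHOSTS = """\
# constructed example
trusted.example.com alice
+ +
"""

def null_password_accounts(shadow_text):
    """Names of accounts whose password field (second ':' field) is empty."""
    names = []
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2 and not line.startswith("#") and fields[1] == "":
            names.append(fields[0])
    return names

def rhosts_wildcards(rhosts_text):
    """Lines whose host field is '+', which trusts every host ('+ +': every user too)."""
    hits = []
    for line in rhosts_text.splitlines():
        tokens = line.split("#", 1)[0].split()
        if tokens and tokens[0] == "+":
            hits.append(" ".join(tokens))
    return hits

def world_access(path):
    """Which of read/write the 'other' permission bits grant on path."""
    mode = os.stat(path).st_mode
    granted = []
    if mode & stat.S_IROTH:
        granted.append("read")
    if mode & stat.S_IWOTH:
        granted.append("write")
    return granted

if __name__ == "__main__":
    print("null passwords:", null_password_accounts(SAMPLE_SHADOW))
    print("rhosts wildcards:", rhosts_wildcards(SAMPLE_RHOSTS))
    for path in ("/etc/passwd", "/tmp"):
        if os.path.exists(path):
            print(path, "world access:", world_access(path))
```

A directory for which `world_access` returns both `read` and `write` matches the "file drop" case in the last item.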