[imp] Passwd Module: Security vulnerability ???

Eric Rostetter eric.rostetter at physics.utexas.edu
Tue Jul 15 21:03:55 PDT 2003


Quoting Ashwin Kotian <ashwin at comstocksys.com>:

> still able to see the username displayed & change it to another username &
> also change the password (since I know the other username's original
> password).

The real question is why do you know the other users password?
*That* is the security vulnerability.

-- 
Eric Rostetter
The Department of Physics
The University of Texas at Austin
 
Why get even? Get odd!


More information about the imp mailing list