[wpkg-users] security issues
Marco Gaiarin
gaio at sv.lnf.it
Mon Jun 11 09:27:07 CEST 2007
Mandi! Florian Klaempfl
In chel di` si favelave...
> Is this a real issue? Having the ability to connect a machine with admin
> access to the network (this is required to setup a fake server) offers a
> lot of other possible DoS attacks (formatting a hard disk of a client PC
> is no more than a DoS attack to this machine).
I'm exactly thinking about this.
On a 'old domain' (NT4, Samba, W2k in compatibility mode) there's still
a 'machine account' that have to be setted up, and the machine account
have to be initialized with an administrator password (eg, someone in
Domain Admins group).
But if i've got an account in Domain Admins, nothing in the windows lan
are secure. At this point, using WPKG or not using WPKG it is only a
choiche of the attacker, that have *FULL* control of the lan...
I'm not aware of the existence of attacks to the 'machine account' of
NT4/samba.
The question, for me, is another: is the 'workgroup' a supported
environment for WPKG?
If yes, some sort of 'authentication' have to be implemented, or at
least state that a 'share level' password in the share are a minimum
requirement.
--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia'' http://www.sv.lnf.it/
Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)sv.lnf.it tel +39-0434-842711 fax +39-0434-842797
wpkg-users mailing list
wpkg-users at lists.wpkg.org
http://lists.wpkg.org/mailman/listinfo/wpkg-users
More information about the wpkg-users
mailing list