February 3rd, 2002, 12:53 AM
Novell Admins Must Read This!!!
Novell NetWare NDS Domain Admin Null Password Vulnerability
Novell NetWare is reportedly prone to an issue which may, under some circumstances, allow an unprivileged NDS user to access NT domain machines using a null password.
The attacker must possess a valid NDS account. The attacker must target an NDS_ADM account that is in the NDS tree and is checked as having "Domain Admin" rights over the NT domain, but must not exist in the NT domain. If these conditions are satisfied, then it is allegedly possible for the unprivileged NDS user to gain unauthorized access to machines in the NT Domain with the privileges of a Domain Admin.
February 3rd, 2002, 01:54 AM
Novell has all kinds of security issues... I used to use a hex editor and fool it into thinking it was a fresh install... hehe, it would then ask me to set the admin password. If you did it right you would not corrupt any data.
February 3rd, 2002, 02:34 PM
Novell is dying, if not already dead... Seldom have I seen a system with so many flaws (oh wait, there is of course Windows... lmao)
"Software is like sex: it's better when it's free." -Linus Torvalds
February 3rd, 2002, 03:12 PM
Regardless of whether someone thinks that Novell may or may not be dying (the same has been said of *nix and Apple for years...), I am curious as to which Novell release this possible vulnerability exists with. Novell 5 and 6 have been pretty secure from what I've seen with little to no vulnerabilities (I know of one for the BorderManager 3.x firewall -- nasty DoS that I tested on a friend and literally destroyed his firewall as a result) so I am curious as to which version of Novell this affects.
Novell NetWare 3.x and 4.x are relatively insecure and at this point, Novell itself says upgrading is the best security answer. S0nic, could you clarify that for me?
February 3rd, 2002, 04:58 PM
I too would like to know which version, since I run several.
Also, it appears this is a combo Novell/MS problem and related to the way NDS and the domain processes interact.
s0nIc, let us know what else you find.