-
April 15th, 2002, 11:23 PM
#1
Junior Member
Vulnerabilities in Novell Netware
Does anybody know of any I can't seem to find any?
-
April 15th, 2002, 11:45 PM
#2
Member
America - Land of the free, home of the brave.
-
April 15th, 2002, 11:56 PM
#3
There have been some, but it's unlikely they're still present.
Novell has a good security reputation mostly. Its main weaknesses stem from being based on DOS (or Windows) (Neither of which the server actually runs under)
Things to watch out for normally:
- Supervisor accounts running world writable binaries (duuh!)
- Supervisor accounts logging into machines which may have keyloggers, fake login screens etc
- People left logged in (yes it does still happen)
- Supervisor accounts running backup jobs, printing bits etc
- Fake file servers
(A classic attack)
- Creates a file server with the same name as a real one, clients are fooled into connecting to it and revealing at least some information about their password, hence dictionary attacks at least can be done.
- Fake file servers may work better when the real one(s) are down - for instance they might be DOS'd so watch out.
- Macs might have vulnerabilities which expose novell logins
Novell has an advanced filesystem and the Bindery/NDS is a clever and complex directory - these facts make it easy to hide information in them, as not all things are obvious.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|