Vulnerabilities in Novell Netware

[prophet868]

Does anybody know of any I can't seem to find any?

[Ganjica]

www.google.com http://www.google.com/search?sourcei...ulnerabilities

Quick check out the 11,200 hits for your question.

[slarty]

There have been some, but it's unlikely they're still present.

Novell has a good security reputation mostly. Its main weaknesses stem from being based on DOS (or Windows) (Neither of which the server actually runs under)

Things to watch out for normally:

- Supervisor accounts running world writable binaries (duuh!)
- Supervisor accounts logging into machines which may have keyloggers, fake login screens etc
- People left logged in (yes it does still happen)

- Supervisor accounts running backup jobs, printing bits etc

- Fake file servers
(A classic attack)
- Creates a file server with the same name as a real one, clients are fooled into connecting to it and revealing at least some information about their password, hence dictionary attacks at least can be done.
- Fake file servers may work better when the real one(s) are down - for instance they might be DOS'd so watch out.

- Macs might have vulnerabilities which expose novell logins

Novell has an advanced filesystem and the Bindery/NDS is a clever and complex directory - these facts make it easy to hide information in them, as not all things are obvious.