Results 1 to 5 of 5

Thread: Novell Admins Must Read This!!!

  1. #1
    Fastest Thing Alive s0nIc's Avatar
    Join Date
    Sep 2001

    Exclamation Novell Admins Must Read This!!!

    Novell NetWare NDS Domain Admin Null Password Vulnerability

    Novell NetWare is reportedly prone to an issue which may, under some circumstances, allow an unprivileged NDS user to access NT domain machines using a null password.

    The attacker must possess a valid NDS account. The attacker must target a NDS_ADM account that is in the NDS tree and is checked as having "Domain Admin" rights over the NT domain, but must not exist in the NT domain. If these conditions are satisfied, then it is allegedly possible for the unprivileged NDS user to gain unauthorized access to machines in the NT Domain with the privileges of a Domain Admin.

  2. #2
    Novell has all kinds of security issues..I used to use a hex editor and fool it into thinking it was a fresh install....hehe it would then ask me to set the admin password. If you did it right you would not corrupt any data

  3. #3
    Senior Member
    Join Date
    Oct 2001
    Novell is dying, if not already dead... Seldom have I seen a system with so many flaws (oh wait, there is of course windows...lmao )
    \"Software is like sex: it\'s better when it\'s free.\" -Linus Torvalds

  4. #4
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Redondo Beach, CA
    Irregardless if someone thinks that Novell may or may not be dying (the same has been said of *nix and Apple for years..), I am curious as to which Novell release this possible vulnerability exists with. Novell 5 and 6 have been pretty secure from what I've seen with little to no vulnerabilities (I know of one for the BorderManager 3.x firewall -- nasty DoS that I tested on a friend and literally destroyed his firewall as a result) so I am curious as to which version of Novell this affects.

    Novell Netware 3.x and 4.x are relatively unsecure and at this point, Novell itself says upgrading is the best security answer. S0nic, could you clarify that for me?
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  5. #5
    Senior Member
    Join Date
    Dec 2001
    I too would like to know which version, since I run several.

    Also it appears this is a combo novell/ms problem and related to the way nds and the domain processes interact.

    s0nIc let us know what else you find.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts