[Samba] Samba 2.2.5 Security Bug?

imed at gmx.ch
Tue Oct 8 18:10:01 GMT 2002


Hi there,

> No password is different from the password "" (an empty password).
> "" is actually hashed as an empty string and is a valid password,
> NO PASSWORD is treated differently.

That's not very consistent! With SWAT it's not possible for the user to
set an empty password; this is Unix-like.

No password is allowed just for root; that's OK, because it's under root's
control. An empty password is possible for all users and this is really bad,
because you don't have any control over the user passwords, not even in the smb.conf
file!

In addition, with the old Samba versions < 2.0 it wasn't possible even for
root to set an empty password!

Is there any cogent reason why "" (an empty password) should now be a valid
password?

Thanks for hints!

regards,

Imed
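
An added example, not part of the original post and not Samba's own code: a Python audit that reads smbpasswd-format lines and separates the two cases discussed in this message, accounts marked NO PASSWORD and accounts whose stored hashes are those of the empty string "". The field layout (name:uid:LM hash:NT hash:[flags]:...), the function names and the sample entries are assumptions and constructed data.

```python
# Added example: flag smbpasswd entries with no password or an empty ("") password.
# Assumed line layout: name:uid:LM hash:NT hash:[account flags]:LCT-time:
EMPTY_LM = "AAD3B435B51404EEAAD3B435B51404EE"  # LM hash of the empty string
EMPTY_NT = "31D6CFE0D16AE931B73C59D7E0C089C0"  # NT hash of the empty string
NO_PW = "NO PASSWORD" + "X" * 21               # 32-char marker used instead of a hash

def classify(line):
    """Return (user, status) for one entry, or None for comments and blank lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = line.split(":")
    if len(fields) < 5:
        return (fields[0], "malformed")
    user, _uid, lm, nt, flags = fields[:5]
    lm, nt = lm.upper(), nt.upper()
    # "No password": marker in a hash field, or the N account flag.
    if lm.startswith("NO PASSWORD") or nt.startswith("NO PASSWORD") or "N" in flags:
        return (user, "no-password")
    # Empty password: a real hash is stored, but it is the hash of "".
    if nt == EMPTY_NT or (lm == EMPTY_LM and set(nt) <= {"X"}):
        return (user, "empty-password")
    return (user, "ok")

def audit(text):
    """Map each user that needs attention to its status."""
    findings = {}
    for line in text.splitlines():
        result = classify(line)
        if result and result[1] != "ok":
            findings[result[0]] = result[1]
    return findings

# Constructed sample entries (not taken from any real system).
SAMPLE = "\n".join([
    "# constructed smbpasswd sample",
    "root:0:%s:%s:[NU         ]:LCT-3DA31A29:" % (NO_PW, NO_PW),
    "alice:1001:%s:%s:[U          ]:LCT-3DA31A29:" % (EMPTY_LM, EMPTY_NT),
    "bob:1002:0123456789ABCDEF0123456789ABCDEF:"
    "FEDCBA9876543210FEDCBA9876543210:[U          ]:LCT-3DA31A29:",
])

if __name__ == "__main__":
    for user, status in audit(SAMPLE).items():
        print(user, status)
```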




