Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: authentication bypass vulnerability
Special Forums Cybersecurity authentication bypass vulnerability Post 302479807 by pludi on Monday 13th of December 2010 03:37:37 AM
Old 12-13-2010
All the information is there: it's a Vulnerability that allows an attacker to bypass authentication.

For example, say such a vulnerability exists in an FTP server. By sending special prepared input an attacker could make the server think that the user is allowed to connect, even though no credentials are know. The attacker could then manipulate files on the server. If this happens to be a download server for software, he could even inject further vulnerabilities into the software provided there.
 

7 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

How can I bypass the Prompt in SFTP

I am on a sun solaris server and trying to create a script that will test if SFTP is up and running on a remote server (which could be unix or windows). My thought was to simply invoke sftp and if I get the prompt ofr "Password" then that is an indication that the service is running and I am... (2 Replies)
Discussion started by: pierluigi22
2 Replies

2. Solaris

bypass password authentication for sftp in unix

I am using solaris unix 8.2 version. I want to bypass password authentication for sftp. Can you please give some ideas on this. thanks.Regards. (4 Replies)
Discussion started by: vijill
4 Replies

3. Solaris

can't bypass password authentication

I can able to SFTP from my web server unix to apps server unix end. but the other way from APPS server to Web server is still asking me the password. I have done same procedure both side. still i am having same problem. Any one help on this. thanks, regards (3 Replies)
Discussion started by: vijill
3 Replies

4. Shell Programming and Scripting

Script to bypass the password field

Hello all Im trying to write a script that can get past the "enter password" field.Coming to the details, Im planning to write a script that can actually check for the validity of certificates in websphere. There is a utility "keytool" that helps provide this information.However if we want to... (4 Replies)
Discussion started by: coolkid
4 Replies

5. Shell Programming and Scripting

awk Division By Zero Bypass

Hi Friends, I don't understand why "a" is always being printed as zero, when I execute the following command. awk '{if($6||$8||$10||$12==0)a=b=c=d=0;else (a=$5/$6);(b=$7/$8);(c=$9/$10);(d=$11/$12); {print... (6 Replies)
Discussion started by: jacobs.smith
6 Replies

6. HP-UX

Bypass stale PE ?

Hello, I have an ancient HP-UX 11.11 system where I have a logical volume marked stale and I can't get it sync'd. I have tried lvsync and lvreduce/lvextend to no avail. It is just one 4Mb PE on the disk that I can't get current. # lvdisplay -v /dev/vg00/lvol5 | grep stale LV Status ... (17 Replies)
Discussion started by: port43
17 Replies

7. UNIX for Beginners Questions & Answers

Bypass crontab??

Hi there. I've put something in crontab that my raspberry doesn't like, it's trying to draw a window before the graphics are ready after login. Problem being after the error it throws me back to the login, so I can't log in. There is only one user setup on this raspberry so I can't log in... (6 Replies)
Discussion started by: MuntyScrunt
6 Replies

LEARN ABOUT DEBIAN

saslpluginviewer

PLUGINVIEWER(8) 					      System Manager's Manual						   PLUGINVIEWER(8)

NAME

       pluginviewer - list loadable SASL plugins and their properties

SYNOPSIS

       pluginviewer [-a] [-s] [-c] [-b min=N,max=N] [-e ssf=N,id=ID] [-m MECHS] [-x AUXPROP_MECH] [-f FLAGS] [-p PATH]

DESCRIPTION

       pluginviewer can be used by a server administrator to troubleshoot SASL installations.  The utility can list loadable (properly configured)
       client and server side plugins, as well as auxprop plugins.

OPTIONS

       -a     List auxprop plugins.

       -s     List server authentication (SASL) plugins.

       -c     List client authentication (SASL) plugins.

       -b min=N1,max=N2
	      List client authentication (SASL) plugins.  Strength of the SASL security layer in bits. min=N1 specifies the  minumum  strength	to
	      use  (1  =>  integrity protection). max=N2 specifies the maximum strength to use.  Only SASL mechanisms which support security layer
	      with strength M such that N1 <= M <= N2 will be shown.

       -e ssf=N,id=ID
	      Assume that an external security layer (e.g. TLS) with N-bit strength is installed.  The ID is the authentication identity  used	by
	      the external security layer.

       -m MECHS
	      Limit listed SASL plugins to the ones included in the MECHS (space separated) list.

       -x AUXPROP_MECHS
	      Limit listed auxprop plugins to the one listed in the AUXPROP_MECHS (space separated) list.

       -f FLAGS
	      Set  security flags. FLAGS is a comma separated list of one or more of the following security flags: noplain (SASL mechanism doesn't
	      send password in the clear during authentication), noactive (require protection from active  attacks),  nodict  (require	mechanisms
	      which  are  secure  against passive dictionary attacks), forwardsec (require forward secrecy), passcred (require mechanisms that can
	      delegate client credentials), maximum (require all security flags).

       -p PATH
	      Specifies a colon-separated search path for plugins.

SEE ALSO

       rfc4422 - Simple Authentication and Security Layer (SASL)

CMU SASL
							   Apr 10, 2006 						   PLUGINVIEWER(8)
All times are GMT -4. The time now is 05:05 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy