Microsoft Security Advisory (945713): Vulnerability in Web Proxy Auto-Discovery (WPAD
Revision Note: Advisory Updated: The registry key for the Configure a Domain Suffix Search List workaround has been corrected to the proper key of SearchList. Advisory Summary:Microsoft is investigating new public reports of a vulnerability in the way Windows resolves hostnames that do not include a fully-qualified domain name (FQDN). The technology that the vulnerability affects is Web Proxy Auto-Discovery (WPAD). Microsoft has not received any information to indicate that this vulnerability has been publicly used to attack customers, and Microsoft is not aware of any customer impact at this time. Microsoft is aggressively investigating the public reports. Customers whose domain name begins in a third-level or deeper domain, such as â??contoso.co.usâ??, or for whom the following mitigating factors do not apply, are at risk from this vulnerability.
secweb(1M)secweb(1M)NAME
secweb - invokes the HP-UX Auditing and Security Attributes Configuration tool
SYNOPSIS
[ ] [ ]
DESCRIPTION
The HP-UX Auditing and Security Attributes Configuration tool ( ) is used to configure suditing sub-system and, view and configure system-
wide and per-user (Local users and NIS users) values of security attributes. It also gives information about account locks.
The HP-UX Auditing and Security Attributes Configuration tool provides both Web-based and terminal user interface (for Security Attributes
Configuration only). The Web-based interface is launched through the HP System Management Homepage.
Superuser privileges are required to access the HP-UX Auditing and Security Attributes Configuration tool. A user who does not have supe-
ruser privileges has read-only access to the System Defaults area in the HP-UX Auditing and Security Attributes Configuration tool and can-
not modify or reset per-user values.
The terminal user interface is invoked if any of the following conditions are true:
o The command is invoked with option.
o The environment variable is not set.
The Web-based interface is launched if all the following conditions are true:
o The command is invoked with option.
o The environment variable is set.
o The command is available on the system.
If the Web-based interface cannot be launched, invokes the terminal user interface.
Options
recognizes the following options:
Forces a client browser to be used in less secure ways.
The option forces the client browser to be used or started, even when the X-traffic between the X-server and the Mozilla
browser is not secure.
Use this option only when you are sure the network traffic between the host where Mozilla is running and the host in the
DISPLAY variable is secure.
If cannot start the Web browser, the terminal interface is started.
When the HP-UX Auditing and Security Attributes Configuration Web interface is invoked by SAM, the option is used.
If a privileged user (root) executes the
command with the option, a temporary login bypass key is generated. The bypass key enables the user to access the Web
interface without having to provide login information again.
When the HP-UX Auditing and Security Attributes Configuration Web interface is invoked by SAM, the option is used.
Opens the terminal interface for setting system-wide and
per-user values of security attributes regardless of the current setting of the environment variable.
You can also start the HP-UX Auditing and Security Attributes Configuration tool using one of the following methods:
o Invoke and select the Auditing and Security Attributes Configuration (character mode) functional area to launch the terminal user
interface and the Auditing and Security Attributes Configuration (Web-based Interface) to launch the Web-based tool
o Invoke the HP-UX Auditing and Security Attributes Configuration tool Web interface by typing the URL in the address bar of your
browser, where hostname is the name of the server
o Launch the HP-UX Systems Insight Manager on the server and select the Auditing and Security Attributes Configuration tool from
Configure -> HP-UX Configuration menu
Online Help
After the HP-UX Auditing and Security Attributes Configuration tool is started, the online help provides details on how to use the tool.
RETURN VALUES
Upon completion, secweb returns one of the following values:
o 0 Successful
o 1 An error occurred
WARNINGS
o For increased security, paste the URL in your browser, click on the Tools menu in the menu bar, then the Auditing and Security
Attributes Configuration functional area.
o The default minimum values of the security attributes , , , and does not meet the requirements for passwd(1M) command. A password must
contain at least two letters and at least one numeric or special character. It is recommended to change the default values in for the
above mentioned security attributes as per passwd(1M) requirements. For more information on password construction requirements, refer
passwd(1M).
AUTHOR
was developed by Hewlett-Packard Company.
SEE ALSO sam(1M), security(4), userdb(4)secweb(1M)