Re: Password policy.

To: Corey Manshack <corey@manshack.me>
Cc: debian-user@lists.debian.org
Subject: Re: Password policy.
From: Andrew McGlashan <andrew.mcglashan@affinityvision.com.au>
Date: Wed, 14 Nov 2018 22:20:47 +1100
Message-id: <[🔎] 3ad487f6-e084-4f11-1635-09b2d63b020f@affinityvision.com.au>
In-reply-to: <[🔎] 381BE4F0-B93E-4870-9C78-54DA450CA4B5@manshack.me>
References: <[🔎] E1gMbT7-0001Ge-TB@dalton.invalid> <[🔎] E1gMlGF-0003eA-7F@dalton.invalid> <[🔎] 14112018093523.d0a297112cbc@desktop.copernicus.org.uk> <[🔎] 63d3b9d3-8e7e-0bf5-c680-a5400a74931d@affinityvision.com.au> <[🔎] 381BE4F0-B93E-4870-9C78-54DA450CA4B5@manshack.me>


On 14/11/18 9:28 pm, Corey Manshack wrote:
> If they have /etc/shadow why would they need to brute force :) I can’t think of a vuln that would give that up without them already having root.

A website file uploader tool, apparantly there has been one there for
about 10 years using jquery.  Once the file is uploaded, it can be
leveraged to steel other files that the website shouldn't have access to.

That's just one example.  I'm sure there are many others.

A.

Reply to:

Follow-Ups:
- Re: Password policy.
  - From: Corey Manshack <corey@manshack.me>

References:
- Password policy.
  - From: peter@easthope.ca
- Re: Password policy.
  - From: peter@easthope.ca
- Re: Password policy.
  - From: Brian <ad44@cityscape.co.uk>
- Re: Password policy.
  - From: Andrew McGlashan <andrew.mcglashan@affinityvision.com.au>
- Re: Password policy.
  - From: Corey Manshack <corey@manshack.me>

Prev by Date: Re: Password policy.
Next by Date: Re: Password policy.
Previous by thread: Re: Password policy.
Next by thread: Re: Password policy.
Index(es):
- Date
- Thread