Re: Password policy.

To: debian-user@lists.debian.org
Subject: Re: Password policy.
From: Andrew McGlashan <andrew.mcglashan@affinityvision.com.au>
Date: Wed, 14 Nov 2018 22:28:44 +1100
Message-id: <[🔎] e2587192-8aff-09d2-12fd-eb6d89252371@affinityvision.com.au>
In-reply-to: <[🔎] 3D223741-5592-417D-9B25-DBFE140D2184@manshack.me>
References: <[🔎] E1gMbT7-0001Ge-TB@dalton.invalid> <[🔎] E1gMlGF-0003eA-7F@dalton.invalid> <[🔎] 14112018093523.d0a297112cbc@desktop.copernicus.org.uk> <[🔎] 63d3b9d3-8e7e-0bf5-c680-a5400a74931d@affinityvision.com.au> <[🔎] 381BE4F0-B93E-4870-9C78-54DA450CA4B5@manshack.me> <[🔎] 3ad487f6-e084-4f11-1635-09b2d63b020f@affinityvision.com.au> <[🔎] 3D223741-5592-417D-9B25-DBFE140D2184@manshack.me>


On 14/11/18 10:25 pm, Corey Manshack wrote:
> So using the file uploader tool we can inject many more dangerous scripts and codes to gain higher access than just “reading” /etc/shadow if the uploader tool is running as privileged user or we gained privilege escalation another way.

Sure, I never said it was a good example...

In any case, weak passwords as per the "recommendation" are surprising
to say the least.

A.

Reply to:

Follow-Ups:
- Re: Password policy.
  - From: Corey Manshack <corey@manshack.me>

References:
- Password policy.
  - From: peter@easthope.ca
- Re: Password policy.
  - From: peter@easthope.ca
- Re: Password policy.
  - From: Brian <ad44@cityscape.co.uk>
- Re: Password policy.
  - From: Andrew McGlashan <andrew.mcglashan@affinityvision.com.au>
- Re: Password policy.
  - From: Corey Manshack <corey@manshack.me>
- Re: Password policy.
  - From: Andrew McGlashan <andrew.mcglashan@affinityvision.com.au>
- Re: Password policy.
  - From: Corey Manshack <corey@manshack.me>

Prev by Date: Re: Password policy.
Next by Date: Questions about upgrading from stretch to testing
Previous by thread: Re: Password policy.
Next by thread: Re: Password policy.
Index(es):
- Date
- Thread