會員 ![]() | 使用ARCServe備份資料的網友注意了~ 使用ARCServe備份資料的網友注意了~ 最近ARCServe被發現密碼以明文的方式存於檔案之中,其中可能包含了Administrator的密碼,盜用者有可能因此獲得系統權限,請小心 !! 詳細內容如下: The default install of ARCServe for NT creates a hidden share on Windows NT machines when it is installed. The name of this share is ARCSERVE$. The permissions of the share allow all users in a domain to map this share. However, this is not the worst part. Within the share is a file named aremote.dmp. The full path is ARCSERVE$\DR\<NAME of SERVER>\aremote.dmp. In the aremote.dmp file, the account name that runs the backup is in cleartext within this file. Also, a little further within the file, the password for the account is in cleartext. Seeing as how the account that performs backups can access system files, this is very dangerous. Some places run their backups as the NT domain administrator account. |
回覆 |
傑生自愛 ![]() | 剛剛去看了一下 是真的!!! ![]() ![]() ![]() 老大!你是從哪得知? 鳥不起!!!!! |
回覆 |
會員 ![]() | |
回覆 |
|
XML | RSS 2.0 | RSS |
本論壇所有文章僅代表留言者個人意見,並不代表本站之立場,討論區以「即時留言」方式運作,故無法完全監察所有即時留言,若您發現文章可能有異議,請 email :[email protected] 處理。