#1 Security alert for V0.3.4

open
None
9
2005-09-05
2005-09-05
Lewis Baughman
No

There has been a security problem found in 034 that
relates to the "up,down,force,unforce,block,unblock"
users. The problem is that when FTP is enabled it is
possible to log in with any of these users and gain
access to the / directory just by using a "*" asterisk
for the password. This bug only relates to users of 034
and the simple solution is to manually edit the
/etc/passwd file and delete those users from the file.
An alternative is to add a password for those users in
the advanced setup in the password dialout control
section if you are actually using this function in
FREESCO on a dialup configuration.
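
A read-only check for the mitigation described in the report, as an added example that is not part of the original ticket or FREESCO's own code: it lists which of the six accounts in a passwd-format file still have "*" or an empty password field, and prints a copy of the file with those accounts removed. The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not FREESCO code). Function names are hypothetical.
# The six dial control accounts named in the report.
CONTROL_USERS="up down force unforce block unblock"

# Print "name<TAB>reason" for each control account whose password field is
# the literal "*" (the value the report says FTP accepts) or is empty.
list_risky() {
    awk -F: -v users="$CONTROL_USERS" '
        BEGIN { n = split(users, u, " "); for (i = 1; i <= n; i++) want[u[i]] = 1 }
        /^#/ || NF < 2 { next }
        ($1 in want) && $2 == "*" { print $1 "\tpassword field is *"; next }
        ($1 in want) && $2 == ""  { print $1 "\tpassword field is empty" }
    ' "$1"
}

# Print the file with the control accounts removed (the fix in the report).
# Output goes to stdout, so the original file is never edited in place.
strip_control_users() {
    awk -F: -v users="$CONTROL_USERS" '
        BEGIN { n = split(users, u, " "); for (i = 1; i <= n; i++) want[u[i]] = 1 }
        !($1 in want)
    ' "$1"
}

# Constructed sample in passwd format; every value below is made up.
make_sample() {
    cat <<'EOF'
root:CONSTRUCTEDHASH1:0:0:root:/:/bin/sh
up:*:0:0:dial up:/:/bin/sh
down:*:0:0:dial down:/:/bin/sh
force::0:0:force line:/:/bin/sh
unblock:CONSTRUCTEDHASH2:0:0:unblock line:/:/bin/sh
ftp:*:14:50:ftp account:/home/ftp:/bin/false
EOF
}

# Audit the file given as the first argument, if any.
if [ "$#" -gt 0 ]; then
    list_risky "$1"
fi
```

Review the output of `strip_control_users /etc/passwd` before replacing the real file, and keep a backup copy.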
