The information in this advisory was supplied by Chris Hughes <[EMAIL PROTECTED]>.
This security advisory is not endorsed by Security-Focus.com.
Vulnerability in Novell Netware
Date Published: 03/08/01
Advisory ID: n/a
Bugtraq ID: 2446
CVE CAN: None currently assigned.
Title: Novell Netware Print Server Vulnerability
Class: Configuration Error
Remotely Exploitable: Yes
Locally Exploitable: Yes
Vulnerability Description: Novell Netware allows a user to log into a
Novell Network by using a Printer Server as the username. By default,
Novell Print Servers have blank passwords. In addition, Novell Print
Servers do not have intruder detection capability as a user account would,
so they are vulnerable to a brute force attack without risk of account
lockout. When a Print Server is logged into as a User, the account will
have the same rights as are assigned to the container that it resides in.
Vulnerable Packages/Systems: Novell Netware 3.1-5.1
Solution/Vendor Information/Workaround: Vendor has not responded yet.
Vendor notified on: 11/02/00
Credits: Discovered by Chris Hughes <[EMAIL PROTECTED]>
This advisory was drafted with the help of the SecurityFocus.com
Vulnerability Help Team. For more information or assistance drafting
advisories please mail [EMAIL PROTECTED]
--
SecurityFocus.com
Vulnerability Help Team