And frankly, it's a cleartext protocol. You'd be better off changing passwords via an https web page or some similar method.
Yes, thats what he have right now. A web page a user can go to via SSL and it talks to the poppasswd daemon. Still, I dont like to have known local vulnerabilities even though there is no user shell access to the box.
---Mike
Quoting Randall Gellens ([EMAIL PROTECTED]): > At 10:49 AM -0400 6/11/03, Mike Tancsa wrote: > > > > > Has there ever been a patched version ? I cant seem to find > >any updates on the qualcomm ftp site. > > I haven't finished testing and so on yet.