Re: Password policy.

[Andrew McGlashan]

On 14/11/18 10:25 pm, Corey Manshack wrote:
> So using the file uploader tool we can inject many more dangerous scripts and 
> codes to gain higher access than just “reading” /etc/shadow if the uploader 
> tool is running as privileged user or we gained privilege escalation another 
> way.

Sure, I never said it was a good example...

In any case, weak passwords as per the "recommendation" are surprising
to say the least.

A.