While one of my users was under a brute-force password-guessing attack, I noticed the following:

Jul 17 01:32:56 kungfoo vpopmail[8190]: vchkpw: password fail [morgan] [kiss] from 209.107.42.5
Jul 17 01:32:57 kungfoo vpopmail[8192]: vchkpw: password fail [morgan] [innovative] from 209.107.42.5

Is it good to show failed passwords in the maillog? What if someone typos? Someone could easily guess the correct password.

By default:

-rw-r--r-- 1 root root 5036326 Jul 18 15:21 /var/log/maillog

I took the read bit off world of course, but I don't know if it's good to be broadcasting attempted passwords in a by-default readable file?

Ryan
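
Added example, not part of the original post: a Python sketch that audits a maillog for the exposure described above, masking the attempted-password field in vchkpw failure lines and reporting whether the file mode is world-readable. The function names and the `[REDACTED]` marker are assumptions; the line format is taken from the two entries quoted in the post.

```python
import re
import stat

# Line shape taken from the two log entries quoted in the post:
#   vchkpw: password fail [user] [attempted password] from IP
# The greedy ".*" keeps attempts that themselves contain ']' in one field.
FAIL_RE = re.compile(
    r"(?P<head>vchkpw: password fail \[(?P<user>[^\]]*)\] )"
    r"\[(?P<attempt>.*)\](?P<tail> from (?P<ip>\S+))"
)

def redact_line(line):
    """Return (line with the attempted password masked, True if one was found)."""
    m = FAIL_RE.search(line)
    if not m:
        return line, False
    masked = m.group("head") + "[REDACTED]" + m.group("tail")
    return line[:m.start()] + masked + line[m.end():], True

def world_readable(mode):
    """True if the 'other' read bit is set in an st_mode value."""
    return bool(mode & stat.S_IROTH)

def audit(lines, mode):
    """Count logged password attempts per user and report file readability."""
    per_user, cleaned = {}, []
    for line in lines:
        new, hit = redact_line(line)
        cleaned.append(new)
        if hit:
            user = FAIL_RE.search(line).group("user")
            per_user[user] = per_user.get(user, 0) + 1
    return {"world_readable": world_readable(mode),
            "attempts_logged": per_user,
            "redacted": cleaned}

# Sample input: the two lines from the post plus one constructed unrelated line.
SAMPLE = [
    "Jul 17 01:32:56 kungfoo vpopmail[8190]: vchkpw: password fail [morgan] [kiss] from 209.107.42.5",
    "Jul 17 01:32:57 kungfoo vpopmail[8192]: vchkpw: password fail [morgan] [innovative] from 209.107.42.5",
    "Jul 17 01:33:02 kungfoo qmail: constructed unrelated line",
]

if __name__ == "__main__":
    report = audit(SAMPLE, 0o100644)  # 0644 is the -rw-r--r-- mode shown in the post
    print(report["world_readable"], report["attempts_logged"])
    print("\n".join(report["redacted"]))
```

For a real file, pass `os.stat(path).st_mode` as `mode` and the file's lines as `lines`.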