IT Baseline Protection Manual - The Information Warfare Site

Threats Catalogue Deliberate Acts Remarks
____________________________________________________________________ .........................................
T 5.55 Login Bypass
After successful login to the Novell Netware server the login-scripts (systemlogin-script,
user-login-script) creates a personal network environment for the
user.
By using options when executing LOGIN.EXE under Novell Netware, neither
the system-login-script nor the user-login-script of the selected Novell
Netware server will be activated, thereby avoiding the security settings
implemented in the login-scripts. Security setting implemented in the login
scripts can therefore, be circumvented. Thus, after an authorised login and
with the help of map commands, it is possible for the user to "move around"
on the Novell Netware server, independent of the set parameters of the login
scripts (system login-scripts, user login-scripts). In conjunction with
insufficient allocation of privileges, this can lead to a situation whereby the
user has access to information which should normally not be available to him.
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000