IT Baseline Protection Manual - The Information Warfare Site

Threats Catalogue Deliberate Acts Remarks
____________________________________________________________________ .........................................
T 5.56 Temporary free-access accounts
The standard set up of a new user account does not involve a password. As far
as the network operating system is concerned there is no obligation to assign a
password, although this can be set up in the standard settings ("Default
Account Balance/Restrictions"). The newly set-up user-accounts are openly
accessible to anyone without requiring a password. The more privileged the
account is on the Novell Netware server, the higher is the threat of the socalled
"race on new accounts".
In this context it must be taken into account that different versions (e.g. vers.
3.75, vers. 3.76) of Netware Utilities SYS:\PUBLIC\SYSCON.EXE transmit an
unencrypted password across the network, if the system administrator has
used a new password.
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000