The diag debug application httpd commands will expose the webgui login details regardless if it's for a system admin or local user.
Here's the diag debug command used ;
Now here's some debug outputs from a few trace-logs;
Local_User
So even if the user password is encrypted, the passwords will be displayed in the trace-log.
What this boils down to;
Any mail admin can access the diag debug command and all user login/password or other admins access information by the enabling of a debug httpd trace
Ken Felix
NSE ( Network Security Expert) and Route/Switching Engineer.
kfelix -----a----t---- socpuppets ---dot---com
^ ^
=( * * )=
o
/ \
No comments:
Post a Comment