SuSE 9.3

One of my recent encounters, has been, seemingly a problem with the SuSE 9.3 Linux Operating System security features when dealing with a NFS (Network File System). I found recently, a serious security flaw in the login procedure. I found that when the user types his/her password into any login propmt correctly with a user (be it KDM/XDM/GDM/SSH etc.), he logs in successfully. You may think: "Sure, whats the problem there then?", well the problem is with what I am going to say next. If the user's password is contained at the start of the password field, he/she will login without a problem, regardless of what characters come aftrer the password, in the password field. If this all makes sense to you, then I must stress that this is not the case with all SuSE 9.3 NFS-run systems. I have yet to find the cause for this flaw in security, so if you know what causes this, please leave a comment stating why, and I may present the findings to Novell themselves. The problem I have uncovered (and I'm sure others have too), creates serious implications for anyone who this affects. It leaves the system open to "Brute Force" login attacks, which could possibly be disasterous, especially if root access is gained. I urge anyone using S who this problem directly affects, to check their server's settings and comment here on anything that could cause the issue. If you of any other situation which causes this problem (including operating systems) please let me know.

Welcome

This is the blog of me, Ian Leckey, where I hope to detail any relevent findings of mine, and important issues that may be of use to anyone wanting to experiment with the methods I have tested. In other words, this is the place I write my thoughts, feelings, problems, and findings, when dealing with computer science. It is my sole purpose to provide useful information to anyone wishing to undertake that which I have already done. Welcome to my blog.