Archive

Archive for March, 2011

root password exposure on Ops Center provisioned hosts?

March 4, 2011 Leave a comment

# ls -l /var/opt/sun/jet/config/jumpstart.conf
-rwxr-xr-x 1 root other 1551 Apr 13 2010 /var/opt/sun/jet/config/jumpstart.conf

Contains the DES encrypted root password on line prefixed “JS_Default_Root_PW=” set during installation and is world-readable.

Tags: