GEN:SID | 1:505 |
Message | MISC Insecure TIMBUKTU Password |
Summary | This event is generated when an attempt is made to login to a Timbuktu server using an unencrypted link.
|
Impact | Serious. Unauthorized access to the server.
|
Detailed Information | Looks at the initial hex code of a Timbuktu client login and captures the login and password combination.
This is a poor security practice over the open internet and on untrusted network links. This is a Timbuktu login going over plaintext to the Timbuktu server.
That means that anyone sniffing the wire can now use the login and password used to gain access to the Timbuktu server.
|
Affected Systems | Windows all versions Mac OS 7.5.3 and later
|
Attack Scenarios | |
Ease of Attack | Simple.
|
Corrective Action | Use Timbuktu over encrypted links or only on local LANs
|
Additional References | |
Rule References | arachnids: 229
|