Reply to post: Re: Unencrypted passwords in user profiles

College PRIMOS prankster wreaks havoc with sysadmin manuals

disgruntled yank Silver badge

Re: Unencrypted passwords in user profiles

DG was pretty smart.

But in their own AOS/VS operating system, one had the option to create a user account with unencrypted password. This led to an odd case on a contract where I worked: I arrived to find the staff trying to figure out why our admins could log in to server X, but the users couldn't. Our privileged accounts all had encrypted passwords, so I suspected a failure in the EXEC process, which managed logins (and spooling). We confirmed that accounts with encrypted passwords could log in, accounts with unencrypted passwords could not, and we copied over a good version of EXEC.EXE, which fixed the problem.

And I must admit that the unencrypted password did come in handy for pranking once, when we were challenged to test the security of an adjoining network--one of our sometime co-workers had (having moved from the contract) an account with unencrypted password on a machine we had access to. We did no damage, but we made it clear that we could log in as him.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon


Biting the hand that feeds IT © 1998–2020