[cvsnt] Re: Possible security risk

Tony Hoyle tmh at nodomain.org
Fri Jun 13 02:08:31 BST 2003


River wrote:

> With cvsnt 2.0.4  hosted on network I created 2 user accounts. One of them
> is added to admin file, and other is not. But when I logged with not admin
> account I was able to delete administrator account using passwd
> subcommand. Anyoune ???
> River

Presumably the other user was an administrator on the machine (either a
domain admin or a local admin on the cvs box).

Tony



More information about the cvsnt mailing list