Date: Mon, 03 May 1999 08:45:25 -0400 From: "Bobby, Paul" To: "'PacketStorm@Genocide2600.com'" Subject: bug/Netscape-DirectoryServer4 After installing Netscape's Directory Server 4 for Solaris, one of the final options is to remove a file called 'install.inf' which the install process claims could contain sensitive information. Answering yes to this question will delete the file. However there is another file left behind after installation which contains the un-encrypted 'admin' password. This file has world read permissions and is located in /usr/netscape/server4/admin-serv/config/adm.conf The parameter is seipid --------------------------------------------------------------------------- Date: Mon, 03 May 1999 08:52:53 -0400 From: "Bobby, Paul" To: 'Packet Storm Security' Subject: RE: bug/Netscape-DirectoryServer4 The results of uname -a SunOS zaphod 5.6 Generic_105181-12 sun4u sparc SUNW,Ultra-Enterprise I haven't informed SUN, Bugtraq or Netscape about this yet.