SCO Openserver 5 expired password hole

Summary

Description:	SCO OpenSERVER 5 apparently doesn't prompt users for their expired password before making them change it. Duh.
Author:	ultima@CORINNE.MAC.EDU
Compromise:	root (local)
Vulnerable Systems:	SCO OpenSERVER5
Date:	22 February 1997 (could be pretty old)

Details

Exploit:

Date: Sat, 22 Feb 1997 06:05:12 -0000
From: ultima@CORINNE.MAC.EDU
To: BUGTRAQ@NETSPACE.ORG
Subject: NIS/YP hole

SCO OpenSERVER 5 exhibits a similar hole, the default login program doesn't prompt 
you for old passwd once it has expired. And with the many 
passwd-file-stealing-exploits its not hard to get the file, then analyze it to find 
which accounts have expired passwords (This data is kept in the last few characters 
of the password field). This is a pretty big hole, and jack0's post reminded me of 
it...

More Exploits!

The master index of all exploits is available here (Very large file)
Or you can pick your favorite operating system:

All OS's	Linux	Solaris/SunOS	Micro$oft
*BSD	Macintosh	AIX	IRIX
ULTRIX/Digital UNIX	HP/UX	SCO	Remote exploits

This page is part of Fyodor's exploit world. For a free program to automate scanning your network for vulnerable hosts and services, check out my network mapping tool, nmap. Or try these Insecure.Org resources: