The second field, intriguingly, is the user’s password. The file /etc/passwd is usually world-readable and contains a list of known users, e.g.įor reference: the first field on each line is the username the third is the user’s numeric ID or UID (the root account is always UID zero) the sixth field is the user’s home directory and the last one denotes the program to run when the user logs in, typically a command shell for regular accounts and /bin/false, a program that exits immediately with an error code, for other accounts. Zyxel products are Linux-based, and Linux usernames and passwords are typically split between two files for security reasons. …yet it did have a password hash in the database itself, which was interesting all on its own. That name didn’t show up in the official list of usernames shown in the router’s user interface… He examined the password database that shipped in the firmware and noticed an unusual username of zyfwp. Towards the end of 2020, a researcher at Dutch cybersecurity company EYE was taking a look at the firmware of a Zyxel network router.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |