I am taking over several web sites, and found that the users for both sites have VERY weak passwords... as in many are 3 digit numeric passwords (they use birthdates of mo/yr). Once I finished shuddering at the fact of such a weak set of passwords I started thinking.
As long as I dont allow telnet access or site admin status to any of these weak users, would it be safe to add them with the existing passwords? I noticed all I can see as a lowly site user is ftp-ing into my own local web space. Any exploits known for this? (dont need details, just a yes or no will suffice. Dont wanna open others to issues if the bad guys are watching) Roy (still thinking about making them change them regardless just so I feel better) _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
