>Provide a little clarification please. >Can you or can you not access files after giving a bogus password? >Other than a log issue, are you claiming and real exposure or >privledge elevation ?
I guess what I'm trying to say is that it *appears* to yield control, but we know it messes with logging. I was able to log in as users that didn't exist -- so this could very well be a logging problem only. To be honest, this software is so messed up that you'd have to be nuts to use it in production. :-) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
