NIS password file access


NIS password file access by arbitrary hosts.


Allows automated password guessing attacks.


The NIS (Network Information Service) implements network-wide access to administrative information. Examples of databases (also called NIS maps) that are shared via NIS: NIS databases are organized in domains. One NIS server can serve multiple NIS domains. In order to perform a query, a client sends a request to a NIS server and specifies

The problem

Many NIS implementations provide no access control. Every host that asks for information will receive a reply. In order to perform a query, one needs to know the server's NIS domain name. Often, this name is easy to guess, or it can be obtained via the bootparam network service.

When the local network is accessible from other networks, a remote intruder can collect password file information and run a password guessing program. Many people (including Dan Klein) have demonstrated that people tend to choose passwords that are easy to guess.



Other tips