Sysinternals Homepage
Forum Home Forum Home > Sysinternals Utilities > PsTools
  New Posts New Posts RSS Feed: Password security across network
  FAQ FAQ  Forum Search   Calendar   Register Register  Login Login

Password security across network
 Post Reply Post Reply
Author
Message Reverse Sort Order
  Share Topic Share Topic  Topic Search Topic Search  Topic Options Topic Options
Phr0stByte View Drop Down
Newbie
Newbie


Joined: 07 September 2006
Online Status: Offline
Posts: 6 		Post Options Post Options   Quote Phr0stByte Quote  Post ReplyReply Direct Link To This Post Topic: Password security across network
    Posted: 31 October 2006 at 10:18am

bump - anyone? no?
Back to Top
Phr0stByte View Drop Down
Newbie
Newbie


Joined: 07 September 2006
Online Status: Offline
Posts: 6 		Post Options Post Options   Quote Phr0stByte Quote  Post ReplyReply Direct Link To This Post Posted: 28 September 2006 at 10:58am

I have tried to find something incriminating with Ethereal without using the -u switch, but could not. 

Can anyone verify that it is significantly more secure without using the -u switch?  or does sensitive information on a users credentials get passed either way?

Back to Top
Phr0stByte View Drop Down
Newbie
Newbie


Joined: 07 September 2006
Online Status: Offline
Posts: 6 		Post Options Post Options   Quote Phr0stByte Quote  Post ReplyReply Direct Link To This Post Posted: 07 September 2006 at 1:11pm
and this IS with or without specifying the -u switch, right?
Back to Top
Karlchen View Drop Down
Senior Member
Senior Member
Avatar

Joined: 18 June 2005
Location: Germany
Online Status: Offline
Posts: 5121 		Post Options Post Options   Quote Karlchen Quote  Post ReplyReply Direct Link To This Post Posted: 21 August 2006 at 5:06pm
Hi, IamBruceM.

Although Mark's quotation was about psexec I am dead sure that all PS Tools commands use the same way of transferring the username and the password, unencrypted. - Hm, maybe I'm dead now, not sure.

Karl
Back to Top
IamBruceM View Drop Down
Newbie
Newbie


Joined: 21 August 2006
Online Status: Offline
Posts: 2 		Post Options Post Options   Quote IamBruceM Quote  Post ReplyReply Direct Link To This Post Posted: 21 August 2006 at 5:01pm

Hi Karl,

Thanks for your quick response - I'll look into IPSec as a way to secure the command.

Thanks
Back to Top
Karlchen View Drop Down
Senior Member
Senior Member
Avatar

Joined: 18 June 2005
Location: Germany
Online Status: Offline
Posts: 5121 		Post Options Post Options   Quote Karlchen Quote  Post ReplyReply Direct Link To This Post Posted: 21 August 2006 at 4:49pm
Hi, IamBruceM.

sorry, the answer is yes.

[...]PsExec therefore requires the password on the remote system and sends the password in clear text from the local system. You need to be aware of this fact if unauthorized network sniffers could intercept traffic between the local and remote system.
(Mark Russinovich, July 2004, Windows IT Pro, article about "psexec")

Karl



Edited by Karlchen - 21 August 2006 at 4:51pm
Back to Top
IamBruceM View Drop Down
Newbie
Newbie


Joined: 21 August 2006
Online Status: Offline
Posts: 2 		Post Options Post Options   Quote IamBruceM Quote  Post ReplyReply Direct Link To This Post Posted: 21 August 2006 at 12:01pm

Hi all,

First off, many thanks to all involved in making this tremendously useful bag 'o utilities available and well supported!

My question involves determining the security vulnerability associated with sending a psshutdown command with the -u and -p tags.

I would like to use APC Powerchute to run a batch file that uses psshutdown to shut off several servers not attached to the managed APC UPS.

When sending a psshutdown command (with -u and -p) across the network, are the username and password sent in clear text and therefore vulnerable to packet sniffing?

Thanks for your help!

 

 

 
Back to Top
 Post Reply Post Reply

Forum Jump Forum Permissions View Drop Down