Path: utzoo!attcan!uunet!cs.utexas.edu!tut.cis.ohio-state.edu!ucbvax!bloom-beacon!WPAFB-AVLAB.ARPA!fuzzy%aruba.dnet
From: fuzzy%aruba.dnet@WPAFB-AVLAB.ARPA (John Karabaic)
Newsgroups: comp.windows.x
Subject: Re: security problem in xdm(1) of MIT X and dxsession(1) of DECwindows
Message-ID: <8904181215.AA28637@wpafb-avlab.arpa>
Date: 18 Apr 89 12:15:27 GMT
Sender: daemon@bloom-beacon.MIT.EDU
Organization: The Internet
Lines: 16


   But on my system (VAXstation 3200, Ultrix-32 3.0 (REV 64) UWS 2.0), I always
   can get my plain password like this way:

	   od -s /dev/mem | grep assw | grep name
	   12345678 name: zhang\npassword: xxxxxxxx\n

   zhang%zgdvda.uucp@ddoinf6.bitnet

This has also been reproduced on a VAXstation III, Ultrix 3.0, UWS 2.0
running DECWINDOWS.  How about it, DEC?
	    Lt John S. Karabaic (fuzzy%aruba.dnet@wpafb-avlab.arpa)
     WRDC/TXI                    513 255 5800          It's not just a job.
     WPAFB, OH 45433-6543        AV 785 5800            It's an indenture.
			    These opinions are mine.
	    I cannot confirm or deny whether anyone else holds them.