Non-secure network
Novell NetWare Administrator has been shared (as in network shares) and can be executed by any user. From there it can access the central server for the 1800+ student accounts and the 230+ staff accounts. The following screenshots show things that any logged-on user can access. (Clearly, I’ve taken out a few things for anonymity and to prevent others from abusing this ability. I plan on reporting this to a Site Admin.)
The one fortunate thing is that NetWare Administrator (the program itself) isn’t that insecure. Non-administrators can’t modify certain details, like password policies. Nor can someone modify another person’s password. However, the main screen (user information) isn’t protected in the same way, and the system essentially serves as a list of the 1750+ students’ first and last names, in addition to the teachers and staff.
I hope this is corrected soon.
