![]() |
Telelogic DOORS (steve huntington) | ![]() |
new topic :
profile :
search :
help :
dashboard :
calendar :
home
|
||
Latest News:
|
|
Topic Title: DOORS Security Question Topic Summary: Created On: 25-Nov-2008 21:12 Status: Post and Reply |
Linear : Threading : Single : Branch |
![]() |
![]()
|
![]() |
|
All,
I have the following situation. In our DOORS db, a fictitious user account was created. This user account was given full database administrator rights. Two previously disabled user accounts were re-activated. One of those previously dis-abled accounts was also given higher privileges than what it previously had before. All three accounts were modified on the same date. The login history file shows that a particular user's PC (a user who is internal to the company) was used to login from as each two of the previosly dis-abled accounts. The fake super user account was not used to login. The login history file shows logins by the internal user, followed by successive logins by the two previously dis-abled user ids. It seems unlikely that the admin password was compromised as there were no logins using the admin account. Anyone have any inkling what might have happened here? |
|
![]() |
|
![]() |
|
How do you know when the user accounts were changed?
It appears that the user whose machine was used to login the previously disabled accounts, was the one that granted the access. In any case, that user would know what happened since she/he used the accounts to login, and no doubt knows who enabled them. - Louie |
|
![]() |
|
![]() |
|
The date stamp on the "Last Changed" field is the same for the 3 three accounts - the two re-enabled accounts as well as the fictitious account.
The user whose machine was used claims no involvement or knowledge of what happened. |
|
![]() |
|
![]() |
|
I'm obviously missing something, but I see no such 'Last Changed' field for Users nor Groups. Please provide a little more info.
Does the user in question have rights ..err.. 'power' to manipulate the User database? Maybe someone used that client. You can use Triggers to get other folks to execute stuff for you. Clever hostile triggers will do their dirty work then delete themselves. But its possible such a trigger remains in the database. Look for 'DxlFind.dxl' on these forums that may perhaps find such hidden hostile triggers. - Louie |
|
![]() |
|
![]() |
|
The "Last Changed" field I am referring to is the last field on the Security tab when editing a user's account.
The user in question is a Standard user (did not have ability to update user accounts). I did not find any info on hostile triggers in forum. Omair |
|
![]() |
Telelogic DOORS
» Administration
»
DOORS Security Question
|
![]() |
FuseTalk Standard Edition v3.2 - © 1999-2009 FuseTalk Inc. All rights reserved.