======PrimeBase Database Poor File Permissions and Crypt() Hash======
http://www.firebirdsql.org
or affiliated sites:
http://www.ibphoenix.com
The Firebird(tm) database engine is derived from the InterBase(r) product currently owned by Borland. The documentation for InterBase v 6.0 applies also to the current FireBird release. InterBase documentation is available in Adobe Acrobat format from http://info.borland.com/techpubs/interbase/."
The "information database" stored in the file isc4.gdb is read and writeable for all users with the default rpm installation of Firebird-1.0.3 for Linux.
[root@Fester interbase]# ls -l /opt/interbase/isc4.gdb -rw-rw-rw- 1 root root 618497 Jun 8 14:44 /opt/interbase/isc4.gdb
This file contains the password hashes and usernames for the firebird database. The passwords are hashed twice, once with the static salt "9z" and a second time with the returned crypt text minus the salt.
crypt(&crypt(user_password,"9z")[2],"9z")