I read about the famous .rhosts vulnerability in a research paper recently. The .rhosts vulnerability is due to the interaction between rlogin and ftp. Some people believe it is not a “bug”; rather, it is due to the different assumptions made by rlogin and ftp.
I was shocked by the trust assumptions of rlogin. It trusts traffic from an admin port (port number less than 1024) of another host without any authentication. It shouldn’t be very surprising though. rlogin was designed at a time when functionality was the paramount concern. For example, telnet and ftp send passwords unencrypted over the network.
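A simplified model of the trust decision described above, added here as an illustration and not taken from rlogind or from the paper. The function names, host names and user names are hypothetical, and the port rule is reduced to the “less than 1024” test from the text.

```python
# Added example: simplified model of the trust decision, not rlogind source code.
PRIVILEGED_PORT_LIMIT = 1024  # the "admin port" boundary from the text


def parse_rhosts(text):
    """Return (host, user) pairs; user is None when the line names only a host."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if fields:
            entries.append((fields[0], fields[1] if len(fields) > 1 else None))
    return entries


def rlogin_decision(src_host, src_port, remote_user, local_user, rhosts_text):
    """Model the server's choice using only what the connection itself claims."""
    if src_port >= PRIVILEGED_PORT_LIMIT:
        return "reject"  # the client may be any unprivileged process
    for host, user in parse_rhosts(rhosts_text):
        host_ok = host in ("+", src_host)
        # A host-only line trusts the same user name on the remote host.
        user_ok = user == "+" or remote_user == (user or local_user)
        if host_ok and user_ok:
            return "login-without-password"
    return "password-prompt"


def audit_rhosts(rhosts_text):
    """List every trust entry with the reason a reviewer should question it."""
    findings = []
    for host, user in parse_rhosts(rhosts_text):
        if host == "+" or user == "+":
            findings.append((host, user, "wildcard: trust is not limited to a named host/user"))
        else:
            findings.append((host, user, "passwordless trust rests on address and port only"))
    return findings


# Constructed sample .rhosts content and connection attempts (hypothetical names).
SAMPLE_RHOSTS = "build.example.org alice\n+ bob\n"

if __name__ == "__main__":
    for attempt in [("build.example.org", 1023, "alice"),
                    ("build.example.org", 40000, "alice"),
                    ("other.example.org", 1022, "alice"),
                    ("other.example.org", 1022, "bob")]:
        print(attempt, "->", rlogin_decision(*attempt, "alice", SAMPLE_RHOSTS))
    for finding in audit_rhosts(SAMPLE_RHOSTS):
        print(finding)
```

Every input to `rlogin_decision` is asserted by the connecting side or read from a file in the user’s home directory; none of it is verified cryptographically, which is the assumption the paragraph above describes.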
As another example of the “functionality first” principle, we can look at the Shatter Attack. Similar to the .rhosts vulnerability, the Shatter Attack is due to the lack of authentication in the Windows message-passing system.
The security impact of these design flaws is serious. Once the systems become popular and their mechanisms are intermingled with other systems, it’s difficult to switch. Operational costs are high since we already have a lot of legacy systems. That’s why industry people sometimes prefer patching a prevalent but flawed design to building a secure design from scratch.