COMMAND

    Timbuktu

SYSTEMS AFFECTED

    Netopia's Mac OS X Timbuktu

PROBLEM

    'SM' from Macintosh Security found following.  Netopia's Mac OS  X
    version of Timbuktu makes it possible to gain full access  without
    logging in.

    At the login screen of the  freshly updated Mac OS X with  preview
    version of Timbuktu for Mac OS X we have found a Timbuktu icon  in
    the upper left hand portion of the screen.  The menu contains  all
    of  the  goodies  (open  timbuktu,  turn  tcp  on/off, about, etc)
    Timbuktu users have known and loved from the classic OS.  The menu
    About  Timbuktu  when  clicked  on  gives  you full control to the
    apple menu and system  preferences without even being  logged into
    OS X.

    Having access to  the System Preferences  without being logged  in
    can allow  access to  the users  panel where  someone could change
    passwords or any system setting.

    Essentially, you've got  admin access to  the entire system  prefs
    window and the users panel even shows the hidden admin/root user.

SOLUTION

    If you have purchased this product and would like this issue taken
    care of please  contact Netopia.   Netopia - "Although  we welcome
    your feedback, the software is sold without warrantee"