top | item 27672284

(no title)

dnet | 4 years ago

Not necessarily -- there can be a number of reasons one can access localhost over the loopback interface that does _not_ imply root access: SSRF, misconfigured tunnels, or just a plain unpriviliged account where the attacker couldn't perform privilege escalation (either because the attacker's incompetence or the system being up-to-date and/or hardened)

discuss

habibur|4 years ago

Ok. Then add your password on these system when you design like that. That's not the default as most people feel otherwise.