CTSS contains a flaw related to the time usage tracking functionality. The issue is triggered when a local user sends an XEC * (indirect instruction) command to execute an STZ (store zero) instruction to zero out the time usage value. This is possible because the "cumulative time usage for each account was loaded into the operating system every time the associated user’s core image was swapped into memory." This allows users to bypass any time restrictions imposed on them by system operators.
CTSS contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a user makes an offline printing request for the UACCNT.SECRET file. This file contains the unencrypted passwords for every user on the system. By using the printing feature, and being the first one to the printing cabinet, a user could gain access to the passwords of every user on the system.
The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO
warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright
holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.