IT Baseline Protection Manual T 4.11 Lack of authentication possibilities between NIS Server and NIS Client

If the NIS domain name is known, any computer can join the domain as a client and read all NIS maps, in particular the password map.

If administrator privileges can be gained on a system, a NIS server process (ypserv) can be started on a privileged port. The client process ypbind is then restarted on the target system. If this server process responds faster than the original NIS server, arbitrary information can be transmitted to the client.
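A defender can check how exposed a host is to both conditions. The following is an added example, not part of the manual: it assumes the Linux ypserv access list `/var/yp/securenets` (`netmask network` or `host address` per line) and the ypbind configuration `/etc/yp.conf`; the file contents and the domain name `example-nis` are constructed samples.

```python
import ipaddress

# Constructed sample files (not taken from any real host).
SECURENETS = """\
# netmask        network
255.0.0.0        127.0.0.0
host             192.0.2.10
0.0.0.0          0.0.0.0
"""
YP_CONF = """\
domain example-nis server 192.0.2.10
domain example-nis broadcast
"""

def _rules(text):
    """Yield (line_no, fields) for non-blank, non-comment lines."""
    for no, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()
        if fields:
            yield no, fields

def audit_securenets(text):
    """Flag securenets entries that let any address query ypserv."""
    findings = []
    for no, fields in _rules(text):
        try:
            if len(fields) != 2:
                raise ValueError("expected two fields")
            if fields[0] == "host":
                ipaddress.IPv4Address(fields[1])  # single host: validate only
            elif int(ipaddress.IPv4Address(fields[0])) == 0:
                findings.append((no, "netmask 0.0.0.0: every host may read all maps"))
        except ValueError:
            findings.append((no, "malformed entry"))
    return findings

def audit_yp_conf(text):
    """Flag ypbind entries that bind to whichever server answers first."""
    return [(no, "broadcast binding: first ypserv to answer is accepted")
            for no, fields in _rules(text) if fields[-1] == "broadcast"]

if __name__ == "__main__":
    for name, result in (("securenets", audit_securenets(SECURENETS)),
                         ("yp.conf", audit_yp_conf(YP_CONF))):
        for no, msg in result:
            print(f"{name}:{no}: {msg}")
```

Restricting securenets and naming the server explicitly narrows the exposure described above, but NIS still does not authenticate the server to the client.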


© Copyright by
Bundesamt für Sicherheit in der Informationstechnik
 