Jefferson Ogata <jogataat_private> wrote: # I have also noticed a problem with Network Solutions' handling of # passwords for CRYPT-PW authentication: when you submit the password # initially, the form they generate with their New Contact Form web # system runs the password you enter through crypt(), but the first # two characters of the encrypted value (the salt) are the same as the # first two characters of the password, indicating they use the # password as its own salt. I originally found this and reported it to them in 1996. Since then, I've sent them numerous emails and called them four or five times. Each time, I was told that "it would be looked into." So, here it is three years later. Yay. Pine.LNX.3.95.961011120728.3070A-100000at_private">http://www.securityfocus.com/templates/archive.pike?list=1&date=1996-10-8&msg=Pine.LNX.3.95.961011120728.3070A-100000at_private /Sean/
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:11:21 PDT