Actually, ipswitch should do two things. They should protect the registry keys so that all users cannot read the encrypted passwords. They should also use stronger crypto so that in the case that someone does get access to the registry keys, they cannot recover the passwords. This is important. Suppose that someone can gain temporary access to the server, they should not be able to recover the passwords so that they can use them in the future. A user may be able to get to the administrator's desk while he/she is away and get to those keys, but if they can get the administrator's password, they can drop in anytime they want and remotely administer IMail...or the machine if the administrator's password is the same for the domain/workstation as it is for IMail. If they use security at all levels it makes the job of an attacker much more difficult. I'm really displeased that ipswitch hasn't fixed this problem already. It is simple to protect the registry keys. Also, when their password scheme was revealed to be very simple in (April?) they should have moved to something much more secure, not just another different but simple scheme. If they're reading, perhaps they should consider MD5 or another hash algorithm. -steven ----- Original Message ----- From: Mikael Olsson <mikael.olssonat_private> To: Steven Alexander <steveat_private> Cc: <BUGTRAQat_private> Sent: Wednesday, December 22, 1999 1:27 PM Subject: Re: [w00giving '99 #11] IMail's password encryption scheme > > It would seem that the best solution is to NOT try fixing the > red herring (crypto with locally stored key) problem. > > The better solution would be to set the access rights > for the registry keys in question to only allow the user > running the IMail daemons, and the users that are supposed > to be able to locally administrate IMail. > > Am I right or am I right? > > (Btw, you can do this yourself; you don't have to wait > for ipswitch to release a fix) > > /Mike
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:22:59 PDT