Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability

From: Peter Ajamian (peterat_private)
Date: Fri Jun 08 2001 - 13:13:29 PDT

Next message: jkohl: "Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability"

Previous message: Peter W: "Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability"
In reply to: Peter W: "Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability"
Next in thread: jkohl: "Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Peter W wrote:
> 
> Plus when you submit a change request template, your email contains the
> plaintext password. :-(
> 
> Changing your password means sending the cleartext value to NetSol via
> email. So changing your password involves risk. :-(

In my recent experience, the unencrypted password is only transmitted in
a secure www session, everything sent cleartext uses the encrypted form
(but with NetSols' encryption methods it may as well be plain-text).

Regards, Peter

Next message: jkohl: "Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability"
Previous message: Peter W: "Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability"
In reply to: Peter W: "Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability"
Next in thread: jkohl: "Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sun Jun 10 2001 - 15:53:05 PDT