-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On pon 10. marca 2003 14:31, Florian Heinz wrote: > http://nstx.dereference.de/snippets/qex.c > Feedback is welcome. Enforcing TLS/SSL is a temprorary workaround against script-kiddies - exploit (out-of-the-box) will not be able to authenticate. (there is a user foobar, with passwd "lalala" on the system) $ ./qex rootbox foobar lalala Phase 1: Seeking buffer size Connecting to xxx.xxx.xxx.xxx... Logging in... Could not log in. Did you provide a valid username/password-combination? Exiting due to error... that's becouse: $ telnet 0 110 Trying 0.0.0.0... Connected to 0. Escape character is '^]'. +OK ready user foobar - -ERR [AUTH] You must use TLS/SSL or stronger authentication such as APOP to connect to this server quit Not a fix, but who sends plaintext passwords anyway :) Unfortunately, I must assume, that at some point some "friendly" soul will equip qex with TLS/SSL. What is the vendor response on that? - -- grok GPG public key at http://www.keyserver.net -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+bzP3ANulANzEW40RArDsAJ43VBZhYJXdhWsyGXT59LfwbJkH8wCgs+FW 8g4LLzXZ/D71rkaVjDRBR0c= =CVSC -----END PGP SIGNATURE-----
This archive was generated by hypermail 2b30 : Wed Mar 12 2003 - 09:36:28 PST