Re: Plain text password for Microsoft (icwip.dun)

From: Knud Erik Højgaard (kainat_private)
Date: Tue Jul 09 2002 - 12:03:47 PDT

Next message: KF: "Re: ALERT: Working Resources BadBlue #2 (DoS, Heap Overflow)"

Previous message: glaiveat_private: "VANED LABS: icecast filesystem disclosure"
In reply to: Steven Jones: "Plain text password for Microsoft (icwip.dun)"
Next in thread: Roland Postle: "Re: Plain text password for Microsoft (icwip.dun)"
Reply: Roland Postle: "Re: Plain text password for Microsoft (icwip.dun)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> Recommendations
> ---------------
> Store passwords in an encrypted form

How are you gonna accomplish this since the password has to go 'over the
wire' in plaintext? To be able to authenticate with the password you need to
be able to decrypt it.. right?

-Knud

Next message: KF: "Re: ALERT: Working Resources BadBlue #2 (DoS, Heap Overflow)"
Previous message: glaiveat_private: "VANED LABS: icecast filesystem disclosure"
In reply to: Steven Jones: "Plain text password for Microsoft (icwip.dun)"
Next in thread: Roland Postle: "Re: Plain text password for Microsoft (icwip.dun)"
Reply: Roland Postle: "Re: Plain text password for Microsoft (icwip.dun)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Jul 09 2002 - 12:52:41 PDT