|
Bugtraq
mailing list archives
Re: Password problem in Trumpet Winsock.
From: jes () GROVE UFL EDU (John Sheehy)
Date: Mon, 7 Apr 1997 02:50:03 -0400
On Sun, 6 Apr 1997, null wrote:
| I've known of this bug for over a year and a half now, and am tired of
| waiting to see if Trumpet will ever fix it.
|
| It is possible to open trumpwsk.ini, take the encrypted string for the
| $password= variable, and place it in the ppp-username= variable. This,
| allows one to start up tcpman.exe,g oto File > PPP Options and get the
| user's password.
[...]
I use this script in TWSK 2.0b to recover passwords:
# little script
load $password
output \13
display "password: "
display '$password'
output \13\13
#end
Doesn't take much, does it?
I think it's generally a bad idea to store your password in any kind of
dialer program.
Passwords authenticate people, not machines. Your machine shouldn't "know"
your password. Machine-to-machine authentication should be performed in a
protocol that doesn't use a password as the shared secret.
-John Sheehy
 By Date 
By Thread
Current thread:
|
Intro
