Home page logo

bugtraq logo Bugtraq mailing list archives

Re: [w00giving '99 #11] IMail's password encryption scheme
From: mikael.olsson () ENTERNET SE (Mikael Olsson)
Date: Wed, 22 Dec 1999 20:27:28 +0100

It would seem that the best solution is to NOT try fixing the
red herring (crypto with locally stored key) problem.

The better solution would be to set the access rights
for the registry keys in question to only allow the user
running the IMail daemons, and the users that are supposed
to be able to locally administrate IMail.

Am I right or am I right?

(Btw, you can do this yourself; you don't have to wait
for ipswitch to release a fix)


Steven Alexander wrote:

Ipswitch doesn't seem to get the point.  This scheme is is only slightly
different than their old one(for version 4.X) which I released an advisory
about many months ago.


Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK
Phone: +46 (0)660 105 50           Fax: +46 (0)660 122 50
Mobile: +46 (0)70 248 00 33
WWW: http://www.enternet.se        E-mail: mikael.olsson () enternet se

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]