Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability
From: Peter Ajamian <peter () pajamian dhs org>
Date: Fri, 08 Jun 2001 13:13:29 -0700

Peter W wrote:

Plus when you submit a change request template, your email contains the
plaintext password. :-(

Changing your password means sending the cleartext value to NetSol via
email. So changing your password involves risk. :-(

In my recent experience, the unencrypted password is only transmitted in
a secure www session, everything sent cleartext uses the encrypted form
(but with NetSols' encryption methods it may as well be plain-text).

Regards, Peter

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]