Bugtraq
mailing list archives
Re: Hotline Client Plain password vuln.
From: macdaddy () neo pittstate edu
Date: Fri, 1 Mar 2002 00:33:35 -0600 (CST)
The Mac client dates back to around the Fall of 1997 and it has always
done that. All of Hotline's communication is plain text so I imagine the
authors figured there wasn't a need for encryption. Just store the file
in a secure place like in your personal profile directory and you should
be fine. I see it as no more insecure than a Netscape bookmarks file in
which you put your userid/passwd in a saved URL.
Justin
--
Justin Shore Pittsburg State University
Network & Systems Manager Kelce 157Q
Office of Information Systems Pittsburg, KS 66762
Voice: (620) 235-4606 Fax: (620) 235-4545
http://www.pittstate.edu/ois/
"Time spent tightening security at your site is best spent before a
break-in occurs. Never believe that your site is too small or of too
little consequence. Start out by being wary, and you will be more prepared
when the inevitable attack happens."
-- "Sendmail, 2nd Edition" by Bryan Costales & Eric Allman for O'Reilly
On Thu, 28 Feb 2002, Rense Buijen wrote:
Hello,
I am using Hotline Client 1.8.5 from Hotline Communications Ltd on a
Windows XP platform. In this client you have the option to save
bookmarks so you can easily connect to your sites. When I was looking
around in the "Bookmarks" dir (program files\hotline communications ltd)
I saw that the bookmarks store your login, password and host in
plaintext although it is a binary file. Has this been mentioned before?
Is this normal or just a flaw from the creators?
Cheers,
Rens