Bugtraq: Re: [Full-Disclosure] Clear text password exposure in Datakey's tokens and smartcards

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: [Full-Disclosure] Clear text password exposure in Datakey's tokens and smartcards

From: Seth Breidbart <sethb () panix com>
Date: Thu, 5 Aug 2004 23:51:07 -0400 (EDT)

"Kevin Sheldrake" <kev () electriccat co uk> wrote:

Ignoring the initial expense for a moment, wouldn't it have made a
lot of sense to include the keypad actually on the cards?
Obviously, card readers would need to be contructed such that the
keypad part of the card would be exposed during use.


No, they wouldn't.  The card could remember the key typed on it for,
say, 60 seconds.

Seth

By Date By Thread

Current thread:

Clear text password exposure in Datakey's tokens and smartcards vuln (Aug 04)
- Re: [Full-Disclosure] Clear text password exposure in Datakey's tokens and smartcards Lionel Ferette (Aug 04)
  - Re: [Full-Disclosure] Clear text password exposure in Datakey's tokens and smartcards Toomas Soome (Aug 04)
    - Re: [Full-Disclosure] Clear text password exposure in Datakey's tokens and smartcards Kevin Sheldrake (Aug 05)
    - Re: [Full-Disclosure] Clear text password exposure in Datakey's tokens and smartcards Seth Breidbart (Aug 06)
    - Re: [Full-Disclosure] Clear text password exposure in Datakey's tokens and smartcards Lee Dilkie (Aug 05)
    - Re: [Full-Disclosure] Clear text password exposure in Datakey's tokens and smartcards Kevin Sheldrake (Aug 06)