Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Nessus stores credentials in plain text
From: Raymond Morsman <raymond () dyn org>
Date: Sat, 27 Mar 2004 10:08:17 +0100

On Sat, 2004-03-27 at 06:01, ~Kevin Davis³ wrote:
I have posted this issue to a couple entities like bugtraq and CERT
with no response.  I mentioned this issue to an organization

And so it should be. These are not vulnerabilities in the pure sense of
the word.

What you call credentials are nothing more than system data for Nessus
and therefore not an issue for Nessus.

You can't use MD5 on systemdata. 

However, I must agree that it would be nice if this information would be
encrypted with the users password.


Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]