Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: password vaults-
From: George Capehart <capegeo () opengroup org>
Date: Wed, 12 Oct 2005 23:39:00 -0400

David Royer wrote:
Sorry for the very noob question, but I'm having very hard times finding
such products.
 I have the pleasure and the incredible chance to support generic (shared
admin) passwords. I'm looking for a commercial product to manage the
distribution and protection of these passwords. Must be RSA compatible and
Active Directory (LDAP, to retrieve info and allow access). Also must be
able to support web (https) for users to log in and get the passwords they
are allowed to see.
 Best regards!

OK.  In spite of the fact that this has got to be a troll, I'll bite . .  .

Run from that as fast and as far as you can. Under /*any*/ circumstance, shared passwords are a major no-no. You're setting yourself up for misery . . . And allowing users "to log in and get the passwords they are allowed to see"? Think about that for a while and see if you can identify some potential risks there . . .

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]