|
Full Disclosure
mailing list archives
Re: Plain Text Password Disclosure vulnerability in rediff mail
From: awf awf <lol-wut-hurr () live com>
Date: Thu, 10 Sep 2009 11:36:09 -0400
And? Every web application sends passwords as plain text unless they are using SSL. Pretty much any "encryption" that
they may do client side that isn't SSL is meaningless. I hardly see how being able to sniff passwords from a site that
isn't using SSL is big news.
_________________________________________________________________
Windows Live: Make it easier for your friends to see what you’re up to on Facebook.
http://windowslive.com/Campaign/SocialNetworking?ocid=PID23285::T:WLMTAGL:ON:WL:en-US:SI_SB_facebook:082009 _______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
- Re: Plain Text Password Disclosure vulnerability in rediff mail awf awf (Sep 11)
(Thread continues...)
| 
