<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Vulnerability Development: Re: xml over https

Re: xml over https

From: Mads Rasmussen <mads_at_opencs.com.br>
Date: Thu, 10 Feb 2005 10:25:11 -0300

Burke, Charles wrote:

>This web services was not using WS Security was it?
>I am assuming the xml encryption was custom or was it provided by WSE?
>
>
No WS security, not even webservices ;-)
Just simple encryption (a .dll doing 3des encryption) of specific XML
fields in an XML file, transported between the client and the server via
https
No encryption mode, that is ECB basically.

As I said, I did a small application calling their routine to decrypt
the fields without specifying the key.

Mads
Received on Feb 11 2005

This message: [ Message body ]
Next message: John R. Morris: "Re: books or material on mail protocols"
Previous message: Anzaldo, Oscar: "SAM encrypted with syskey"
In reply to: Burke, Charles: "RE: xml over https"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]

edgeos