Full Disclosure mailing list archives

RE: IpSwitch IMail Server <= ver 8.1 User Password

From: "Scott Phelps" <scottp () dreamwright com>
Date: Tue, 17 Aug 2004 08:52:10 -0400

 

At one time, the command line utility to do this was actually linked from
Ipswitches "third parties utilities" web site.

-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of Anonymous
Sent: Monday, August 16, 2004 10:35 PM
To: Adik; full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] IpSwitch IMail Server <= ver 8.1 User
Password

From eEye's "darker" days:


http://www.w00w00.org/advisories/imailpass.html

At 11:18 PM 8/16/2004 +0600, Adik wrote:

Hi fellaz,

IpSwitch IMail Server version up to 8.1 uses weak encryption algorithm to
encrypt its user passwords. Have a look at attached proof of concept tool,
which will decrypt user password from local machine instantly.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Re: IpSwitch IMail Server <= ver 8.1 User Password Anonymous (Aug 16)
- RE: IpSwitch IMail Server <= ver 8.1 User Password Scott Phelps (Aug 17)