[13069] in bugtraq


Re: [w00giving '99 #11] IMail's password encryption scheme

daemon@ATHENA.MIT.EDU (Mikael Olsson)
Thu Dec 23 12:37:19 1999

Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Message-Id:  <38612620.F8246F12@enternet.se>
Date:         Wed, 22 Dec 1999 20:27:28 +0100
Reply-To: Mikael Olsson <mikael.olsson@ENTERNET.SE>
From: Mikael Olsson <mikael.olsson@ENTERNET.SE>
X-To:         Steven Alexander <steve@CELL2000.NET>
To: BUGTRAQ@SECURITYFOCUS.COM

It would seem that the best solution is to NOT try fixing the
red herring (crypto with locally stored key) problem.

The better solution would be to set the access rights
for the registry keys in question to only allow the user
running the IMail daemons, and the users that are supposed
to be able to locally administrate IMail.

Am I right or am I right?

(Btw, you can do this yourself; you don't have to wait
for ipswitch to release a fix)

/Mike

Steven Alexander wrote:
>
> Ipswitch doesn't seem to get the point.  This scheme is only slightly
> different than their old one (for version 4.X) which I released an advisory
> about many months ago.
>
> -steven
>

--
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK
Phone: +46 (0)660 105 50           Fax: +46 (0)660 122 50
Mobile: +46 (0)70 248 00 33
WWW: http://www.enternet.se        E-mail: mikael.olsson@enternet.se
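
The registry ACL change suggested in the message above, as an added PowerShell example that is not part of the original post: it lists the allow rules that go beyond the intended accounts, then replaces the key's DACL with explicit entries only. The key path and both account names are placeholders and assumptions; substitute the key that holds the mail server's account data, the account the daemons run as, and the local administrators of the product.

```powershell
# Added example, not from the original post.
# $KeyPath is a PLACEHOLDER; $Allowed lists ASSUMED accounts (daemon account + local admins).
param(
    [string]$KeyPath    = 'HKLM:\SOFTWARE\ExampleVendor\ExampleMailServer',
    [string[]]$Allowed  = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators')
)

# Return allow rules granted to anyone outside the intended list
# (for example Everyone or BUILTIN\Users inherited from the parent key).
function Get-UnexpectedRule {
    param(
        [System.Security.AccessControl.RegistrySecurity]$Acl,
        [string[]]$Allowed
    )
    $Acl.Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $Allowed -notcontains $_.IdentityReference.Value
    }
}

$acl = Get-Acl -Path $KeyPath

# 1. Audit: show who can currently read or write the key.
Get-UnexpectedRule -Acl $acl -Allowed $Allowed |
    Format-Table IdentityReference, RegistryRights, IsInherited

# 2. Stop inheriting from the parent key and drop the inherited entries.
$acl.SetAccessRuleProtection($true, $false)

# 3. Remove explicit entries that were set directly on this key.
foreach ($rule in @($acl.Access | Where-Object { -not $_.IsInherited })) {
    [void]$acl.RemoveAccessRule($rule)
}

# 4. Grant access only to the intended accounts, applied to subkeys as well.
foreach ($id in $Allowed) {
    $rule = New-Object System.Security.AccessControl.RegistryAccessRule(
        $id, 'FullControl', 'ContainerInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)
}

# 5. Write the new DACL and re-run the audit; it should now list nothing.
Set-Acl -Path $KeyPath -AclObject $acl
Get-UnexpectedRule -Acl (Get-Acl -Path $KeyPath) -Allowed $Allowed |
    Format-Table IdentityReference, RegistryRights, IsInherited
```

Run it from an elevated session, and confirm the daemons still start afterwards, since a service account missing from the list loses access to its own configuration.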
