[20948] in bugtraq

home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability

daemon@ATHENA.MIT.EDU (Peter Ajamian)
Sun Jun 10 18:52:26 2001

Message-ID: <3B2131E9.7276D079@pajamian.dhs.org>
Date: Fri, 08 Jun 2001 13:13:29 -0700
From: Peter Ajamian <peter@pajamian.dhs.org>
MIME-Version: 1.0
To: Peter W <peterw@usa.net>
Cc: bugtraq@securityfocus.com
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Peter W wrote:
> 
> Plus when you submit a change request template, your email contains the
> plaintext password. :-(
> 
> Changing your password means sending the cleartext value to NetSol via
> email. So changing your password involves risk. :-(

In my recent experience, the unencrypted password is only transmitted in
a secure www session, everything sent cleartext uses the encrypted form
(but with NetSols' encryption methods it may as well be plain-text).

Regards, Peter

home	help	back	first	fref	pref	prev	next	nref	lref	last	post