Bugtraq mailing list archives
Insecure handling of NetSol maintainer passwords
From: jlewis () LEWIS ORG (jlewis () LEWIS ORG)
Date: Mon, 8 Nov 1999 20:12:49 -0500
Some months ago I began using the crypt-pw Auth Scheme with my Internic/Network Solutions NIC handle because forging mail to internic.net is just too easy and I don't want my domains messed with.

On Sep 21, 1999 I notified security () networksolutions com that when doing domain updates with Auth Scheme Crypt-PW, if the clear text password contains spaces, their processing scripts strip out the password up to the first space, and then send off notification emails containing the remainder of the password to the other contacts involved with the domain being updated. I was told my report had been passed on to the developers for a fix.

About a month went by and the problem had not been fixed, so I asked about it again. On Oct 26, I was told it was still in the hands of the developers, and it was recommended that I not use a password containing spaces.

Today, I sent in some updates, and the problem still has not been fixed.

----------------------------------------------------------------------
 Jon Lewis *jlewis () lewis org*|  Spammers will be winnuked or
 System Administrator           |  nestea'd...whatever it takes
 Atlantic Net                   |  to get the job done.
_________http://www.lewis.org/~jlewis/pgp for PGP public key__________
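The failure mode reported above, modelled as an added example (not code from the original post or from Network Solutions, whose scripts are not shown on this page): a redaction step that treats the password as one whitespace-delimited token, beside one that drops the whole field, with a check for what leaks into the outgoing notification. The `Auth-Password:` label, the request layout and all function names are hypothetical.

```python
import re

FIELD = "Auth-Password:"  # hypothetical label, not the real template syntax


def build_request(password: str) -> str:
    """Constructed sample update request carrying a cleartext password."""
    return (
        "Domain: example.test\n"
        "Auth-Scheme: CRYPT-PW\n"
        f"{FIELD} {password}\n"
        "Action: modify nameservers\n"
    )


def redact_first_token(request: str) -> str:
    """Flawed: removes only the text up to the first space of the value."""
    out = []
    for line in request.splitlines():
        if line.startswith(FIELD):
            value = line[len(FIELD):].lstrip()
            parts = value.split(" ", 1)
            rest = parts[1] if len(parts) > 1 else ""
            line = f"{FIELD} {rest}".rstrip()
        out.append(line)
    return "\n".join(out) + "\n"


def redact_whole_field(request: str) -> str:
    """Hardened: drops the entire field line before anything is forwarded."""
    kept = [l for l in request.splitlines(keepends=True)
            if not l.startswith(FIELD)]
    return "".join(kept)


def leaked_fragments(password: str, notification: str) -> list:
    """Words of the password that still appear in the outgoing text."""
    return [w for w in password.split()
            if re.search(r"\b" + re.escape(w) + r"\b", notification)]


if __name__ == "__main__":
    pw = "correct horse battery"  # constructed sample password
    req = build_request(pw)
    print("first-token redaction leaks:", leaked_fragments(pw, redact_first_token(req)))
    print("whole-field redaction leaks:", leaked_fragments(pw, redact_whole_field(req)))
```

A `leaked_fragments` check of this kind works as a pre-send assertion on any notification built from a request that carried a secret.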