Bugtraq mailing list archives
Re: Insecure handling of NetSol maintainer passwords
From: ssh () SHN NU (Sean Sosik-Hamor)
Date: Thu, 11 Nov 1999 09:06:12 -0500
Jefferson Ogata <jogata () NODC NOAA GOV> wrote: # I have also noticed a problem with Network Solutions' handling of # passwords for CRYPT-PW authentication: when you submit the password # initially, the form they generate with their New Contact Form web # system runs the password you enter through crypt(), but the first # two characters of the encrypted value (the salt) are the same as the # first two characters of the password, indicating they use the # password as its own salt. I originally found this and reported it to them in 1996. Since then, I've sent them numerous emails and called them four or five times. Each time, I was told that "it would be looked into." So, here it is three years later. Yay. http://www.securityfocus.com/templates/archive.pike?list=1&date=1996-10-8&msg=Pine.LNX.3.95.961011120728.3070A-100000 () socks litter717 net /Sean/
Current thread:
- Re: Insecure handling of NetSol maintainer passwords Sean Sosik-Hamor (Nov 11)