Bugtraq mailing list archives
Re: Respondus v1.1.2 stores passwords using weak encryption
From: "E. van Elk" <evelk () dsv nl>
Date: Thu, 23 Aug 2001 22:28:05 +0200
At 21:24 23-8-2001, Desmond Irvine wrote: >Respondus Version 1.1.2 (7-26-2001) stores passwords using weak encryption. >It's not only Respondus, but many other programs that needs to store passwords for, let's say, FTP access that use a very weak encryption system.
Two examples I recently discovered are UltraEdit v8.x and CuteFtp v4.2. Both use a very weak encoding system to store passwords for the FTP accounts. CuteFtp uses quite a weak system, but when using a password for the site manager, the sm.dat file is encrypted and it makes access to the encrypted passwords a little harder..
For some more info about the used encryption methods: http://www.eve-software.com/security
In the help-file from UltraEdit, the following section can be found:This checkbox determines if UltraEdit will save the password for later reference. If not the user will be prompted for the password as required. Note if the password is saved it is stored on the system. It is encrypted however the encryption mechanism is unsophisticated and should not be relied upon as a method of security.
--- Edwin van Elk evelk () dsv nl
Current thread:
- Respondus v1.1.2 stores passwords using weak encryption Desmond Irvine (Aug 23)
- Re: Respondus v1.1.2 stores passwords using weak encryption E. van Elk (Aug 23)
- Re: Respondus v1.1.2 stores passwords using weak encryption Philip Rowlands (Aug 24)