Bugtraq mailing list archives
Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability
From: Peter Ajamian <peter () pajamian dhs org>
Date: Fri, 08 Jun 2001 13:13:29 -0700
Peter W wrote:
Plus when you submit a change request template, your email contains the plaintext password. :-( Changing your password means sending the cleartext value to NetSol via email. So changing your password involves risk. :-(
In my recent experience, the unencrypted password is only transmitted in a secure www session, everything sent cleartext uses the encrypted form (but with NetSols' encryption methods it may as well be plain-text). Regards, Peter
Current thread:
- Network Solutions Crypt-PW Authentication-Scheme vulnerability Peter Ajamian (Jun 08)
- Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability aleph1 (Jun 08)
- Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability Tyler Walden (Jun 10)
- Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability Barney Wolff (Jun 11)
- Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability Tyler Walden (Jun 10)
- Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability Chris Adams (Jun 10)
- Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability Len Sassaman (Jun 10)
- Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability Peter W (Jun 10)
- Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability Peter Ajamian (Jun 10)
- Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability Peter van Dijk (Jun 10)
- Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability Wichert Akkerman (Jun 11)
- <Possible follow-ups>
- Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability jkohl (Jun 10)
- Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability aleph1 (Jun 08)