Full Disclosure mailing list archives
Re: Nessus stores credentials in plain text
From: Raymond Morsman <raymond () dyn org>
Date: Sat, 27 Mar 2004 10:08:17 +0100
On Sat, 2004-03-27 at 06:01, ~Kevin Davis³ wrote:
I have posted this issue to a couple entities like bugtraq and CERT with no response. I mentioned this issue to an organization
And so it should be. These are not vulnerabilities in the pure sense of the word. What you call credentials are nothing more than system data for Nessus and therefore not an issue for Nessus. You can't use MD5 on systemdata. However, I must agree that it would be nice if this information would be encrypted with the users password. Raymond. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Nessus stores credentials in plain text ~Kevin Davis³ (Mar 26)
- Re: Nessus stores credentials in plain text Raymond Morsman (Mar 27)
- Re: Nessus stores credentials in plain text ~Kevin Davis³ (Mar 27)
- <Possible follow-ups>
- Re: Nessus stores credentials in plain text ~Kevin Davis³ (Mar 27)
- Re: Nessus stores credentials in plain text Raymond Morsman (Mar 28)
- Re: Nessus stores credentials in plain text ~Kevin Davis³ (Mar 28)
- Re: Nessus stores credentials in plain text Raymond Morsman (Mar 28)
- Re: Nessus stores credentials in plain text Raymond Morsman (Mar 27)