Re: Passwordlist in Wireshark - User feedback wanted

[Graham Bloice <graham.bloice () trihedral com>]

On Fri, 14 Jun 2019 at 21:27, Roland Knall <rknall () gmail com> wrote:

> Hi
>
> There is a patch currently waiting for inclusion. It would allow for
> dissectors to easily make credentials (username/password) available and
> present them in a tool window in Wireshark.
>
> The main concern here is, that this could lead companies, evaluating
> Wireshark to be used within  the company, to deny the use of the program,
> due to wrongly identifying Wireshark as a hacking tool.
>
> We would like your feedback on that topic
>
> kind regards
> Roland

I also haven't reviewed the proposed change but in general my view is that
it's Wireshark's job to present the information in the capture files in a
manner that's useful to the users.  Credentials are one element of this
information, and to me, is like any other "object", so I think that adding
the dialog that summarizes them is perfectly OK.

If this causes some companies to "ban" Wireshark, then so be it.  That
won't hide the credentials travelling on their networks.

For more aware companies, they would be able to instruct users to check the
"credentials" dialog before sharing the capture to minimise a compromise.



-- 
Graham Bloice

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe