Bugtraq mailing list archives
Re: Password problem in Trumpet Winsock.
From: jes () GROVE UFL EDU (John Sheehy)
Date: Mon, 7 Apr 1997 02:50:03 -0400
On Sun, 6 Apr 1997, null wrote: | I've known of this bug for over a year and a half now, and am tired of | waiting to see if Trumpet will ever fix it. | | It is possible to open trumpwsk.ini, take the encrypted string for the | $password= variable, and place it in the ppp-username= variable. This, | allows one to start up tcpman.exe,g oto File > PPP Options and get the | user's password. [...] I use this script in TWSK 2.0b to recover passwords: # little script load $password output \13 display "password: " display '$password' output \13\13 #end Doesn't take much, does it? I think it's generally a bad idea to store your password in any kind of dialer program. Passwords authenticate people, not machines. Your machine shouldn't "know" your password. Machine-to-machine authentication should be performed in a protocol that doesn't use a password as the shared secret. -John Sheehy
Current thread:
- Password problem in Trumpet Winsock. null (Apr 06)
- Linux - buffer overflow in filter Mikhail Iakovlev (Apr 06)
- Re: Password problem in Trumpet Winsock. John Sheehy (Apr 06)
- Re: Password problem in Trumpet Winsock. Michael Douglass (Apr 07)
- Netware + Win95 issue Lauri Laupmaa (Apr 07)
- Re: Netware + Win95 issue Paul Melson (Apr 08)
- Another one javascript exploit attempt? Andrew V. Kovalev (Apr 07)
- DUMP of NT system crash Vytautas Vysniauskas (Apr 07)
- Re: Password problem in Trumpet Winsock. Paul Melson (Apr 07)
- BoS: /etc/default/login LOCKOUT= creates arbitrary files (fwd) Illuminati Primus (Apr 07)
- Re: BoS: /etc/default/login LOCKOUT= creates arbitrary files (f Eugene Bradley (Apr 08)
- FreeBSD Security Advisory: FreeBSD-SA-97:03.sysinstall Aleph One (Apr 07)
- CERT Advisory CA-97.09 - Vulnerability in IMAP and POP Aleph One (Apr 07)
(Thread continues...)