Bugtraq mailing list archives

Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability

From: Peter Ajamian <peter () pajamian dhs org>
Date: Fri, 08 Jun 2001 13:13:29 -0700

Peter W wrote:


Plus when you submit a change request template, your email contains the
plaintext password. :-(

Changing your password means sending the cleartext value to NetSol via
email. So changing your password involves risk. :-(


In my recent experience, the unencrypted password is only transmitted in
a secure www session, everything sent cleartext uses the encrypted form
(but with NetSols' encryption methods it may as well be plain-text).

Regards, Peter

Current thread:

Network Solutions Crypt-PW Authentication-Scheme vulnerability Peter Ajamian (Jun 08)
- Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability aleph1 (Jun 08)
  - Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability Tyler Walden (Jun 10)
    - Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability Barney Wolff (Jun 11)
- Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability Chris Adams (Jun 10)
- Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability Len Sassaman (Jun 10)
- Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability Peter W (Jun 10)
  - Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability Peter Ajamian (Jun 10)
- Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability Peter van Dijk (Jun 10)
  - Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability Wichert Akkerman (Jun 11)
- <Possible follow-ups>
- Re: Network Solutions Crypt-PW Authentication-Scheme vulnerability jkohl (Jun 10)