Full Disclosure mailing list archives
Re: Plain Text Password Disclosure vulnerability in rediff mail
From: awf awf <lol-wut-hurr () live com>
Date: Thu, 10 Sep 2009 11:36:09 -0400
And? Every web application sends passwords as plain text unless they are using SSL. Pretty much any "encryption" that they may do client side that isn't SSL is meaningless. I hardly see how being able to sniff passwords from a site that isn't using SSL is big news.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/