Full Disclosure mailing list archives

Re: Plain Text Password Disclosure vulnerability in rediff mail


From: awf awf <lol-wut-hurr () live com>
Date: Thu, 10 Sep 2009 11:36:09 -0400


And?  Every web application sends passwords as plain text unless they are using SSL.  Pretty much any "encryption" that 
they may do client side that isn't SSL is meaningless.  I hardly see how being able to sniff passwords from a site that 
isn't using SSL is big news.
