Penetration Testing mailing list archives
Cryptocard database
From: John Madden <chiwawa999 () yahoo com>
Date: Wed, 16 Feb 2005 12:19:26 -0800 (PST)
Hi, Doing an internal pen-test for a company i came across a mysql db that contains the Cryptocard tokens database (root with no password) The most interesting table (duh !!!) is the "EncryptedKey". Obviously this is not good. I made the usual recommandation to secure the db but i was curious to know if any one had experience with Cryptocard tokens and what is uses to encrypt that field. I presume they use the PIN of each user...??? The size of the field is 48 characters (3DES ?) I would appreciate any info Thank you John __________________________________ Do you Yahoo!? Take Yahoo! Mail with you! Get it on your mobile phone. http://mobile.yahoo.com/maildemo
Current thread:
- Cryptocard database John Madden (Feb 17)
- Re: Cryptocard database Noel Rosenberg (Feb 21)
- Re: Cryptocard database Kurt Seifried (Feb 21)