Cryptocard database

[John Madden <chiwawa999 () yahoo com>]

Hi,

Doing an internal pen-test for a company i came across
a mysql db that contains the Cryptocard tokens
database (root with no password) 

The most interesting table (duh !!!) is the
"EncryptedKey". Obviously this is not good. I made the
usual recommandation to secure the db but i was
curious to know if any one had experience with
Cryptocard tokens and what is uses to encrypt that
field. I presume they use the PIN of each user...???

The size of the field is 48 characters (3DES ?)

I would appreciate any info

Thank you

John


                
__________________________________ 
Do you Yahoo!? 
Take Yahoo! Mail with you! Get it on your mobile phone. 
http://mobile.yahoo.com/maildemo