Vulnerability Development mailing list archives
Re: Secure Yahoo logins
From: John Madden <maddenj () skynet ie>
Date: Wed, 28 Aug 2002 00:54:38 +0100
On (27/08/02 22:10), Jeremy didst pronounce:
Well, to do a test I fired up ethereal and captured a session of me logging into a new yahoo account. What kind of suprised me is the password looks encrypted. My first guess was it was just base 64 mime encoded but that turned out to be wrong. Does anyone have any idea on how they encrypt their passwords or have any tools that will try and crack the passwords.
I remember trying that here using arpspoof and dsniff. It captured the URL that was being used. From what I remember, the password was MD5 encrypted, and it said so in the URL. But, that said, there's no need to decrypt the password. Just paste that URL into your browser and it'll bring you directly into the persons yahoo email account.
My other question is if the passwords are encrypted why do they offer a secure login option? How does that increase security, other than adding a brief ssl session.
I think I already covered this above -- because you don't need to know the password to log into their email account, you only need the URL that was sent. -- Chat ya later, John. -- BOFH excuse #157: Incorrect time syncronization
Current thread:
- Secure Yahoo logins Jeremy (Aug 27)
- Re: Secure Yahoo logins Roland Postle (Aug 27)
- Re: Secure Yahoo logins David Schwartz (Aug 27)
- Re: Secure Yahoo logins John Madden (Aug 27)
- Re: Secure Yahoo logins Roland Postle (Aug 28)
- Re: Secure Yahoo logins Nick Jacobsen (Aug 27)
- Re: Secure Yahoo logins David Thiel (Aug 27)
- Re: Secure Yahoo logins Nick Jacobsen (Aug 28)
- Re: Secure Yahoo logins David Thiel (Aug 28)
- Re: Secure Yahoo logins Steve Bremer (Aug 28)
- Re: Secure Yahoo logins David Thiel (Aug 27)
- Re: Secure Yahoo logins Roland Postle (Aug 27)
- <Possible follow-ups>
- Re: Secure Yahoo logins Alan McCaig (Aug 28)
- Re: Secure Yahoo logins Chris Caydes (Aug 28)
- Re: Secure Yahoo logins Chris Caydes (Aug 28)
- RE: Secure Yahoo logins Kayne Ian (Softlab) (Aug 29)