Vulnerability Development mailing list archives
Re: Plain text password for Microsoft (icwip.dun)
From: Knud Erik Højgaard <kain () egotrip dk>
Date: Tue, 9 Jul 2002 22:58:36 +0200
From: "Roland Postle" <mail () blazde co uk> Subject: Re: Plain text password for Microsoft (icwip.dun)
'Storing' the password in encrypted form would be quite easy to
accomplish,
and it would at least stop the casual snooper. You could argue that the
same
passwords /are/ encrypted when they're put in the registry, so why not in .ins files too? It increases the security a tad.
It protects against the casual snooper, agreed, but a determined attacker bypasses this.. there are numerous tools for extracting 'encrypted' dial-up passwords etc. from the registry.
Anyway, for a complete solution I think we should wait for... Palladium
and
TCPA-based modems.
You go that way, I'll go this. See you there. -Knud
Current thread:
- Plain text password for Microsoft (icwip.dun) Steven Jones (Jul 09)
- Re: Plain text password for Microsoft (icwip.dun) Roland Postle (Jul 09)
- Re: Plain text password for Microsoft (icwip.dun) Knud Erik Højgaard (Jul 09)
- Re: Plain text password for Microsoft (icwip.dun) Roland Postle (Jul 09)
- Re: Plain text password for Microsoft (icwip.dun) Knud Erik Højgaard (Jul 09)
- Re: Plain text password for Microsoft (icwip.dun) hellNbak (Jul 09)
- Re: Plain text password for Microsoft (icwip.dun) Valdis . Kletnieks (Jul 09)
- Re: Plain text password for Microsoft (icwip.dun) hellNbak (Jul 09)
- Re: Plain text password for Microsoft (icwip.dun) Blue Boar (Jul 09)
- Palladium dullien (Jul 10)
- Malicious COM Surrogates Jason Coombs (Jul 29)
- Re: Plain text password for Microsoft (icwip.dun) Roland Postle (Jul 09)
- Re: Plain text password for Microsoft (icwip.dun) Joerg Mayer (Jul 09)
- Re: Plain text password for Microsoft (icwip.dun) Juan M. Courcoul (Jul 10)
- Re: Plain text password for Microsoft (icwip.dun) Deus, Attonbitus (Jul 10)
- Re: Plain text password for Microsoft (icwip.dun) Ron DuFresne (Jul 10)