Vulnerability Development mailing list archives
Re: xml over https
From: Mads Rasmussen <mads () opencs com br>
Date: Thu, 10 Feb 2005 10:25:11 -0300
Burke, Charles wrote:
This web services was not using WS Security was it? I am assuming the xml encryption was custom or was it provided by WSE?
No WS security, not even webservices ;-)Just simple encryption (a .dll doing 3des encryption) of specific XML fields in an XML file, transported between the client and the server via https
No encryption mode, that is ECB basically.As I said, I did a small application calling their routine to decrypt the fields without specifying the key.
Mads
Current thread:
- xml over https Mads Rasmussen (Feb 02)
- <Possible follow-ups>
- RE: xml over https Butler, Theodore (Feb 05)
- Re: xml over https Mads Rasmussen (Feb 05)
- Re: xml over https Barnett E. Kurtz (Feb 07)
- RE: xml over https Burke, Charles (Feb 07)
- Re: xml over https Mads Rasmussen (Feb 11)