Re: Clear text password vulnerability

From: Gautam R. Singh (gautam.singh_at_gmail.com)
Date: 02/15/05

    Date: Tue, 15 Feb 2005 10:36:54 +0530
    To: Harshil Parikh <harshil1110@gmail.com>
    
    

    Most webmail still uses clear text. Preferably the password should be
    hashed before sending. Or one may use HTTPS to encrypt the entire
    session.

    This is not a vulnerability though, but a side effect of using HTTP because
    it sends everything in cleartext.

    Regards
    ~gRs
    gautam.raj @ge.com

    On Mon, 14 Feb 2005 09:16:42 -0600, Harshil Parikh
    <harshil1110@gmail.com> wrote:
    > Hi,
    > I've been using a web based mail service for some time. Yesterday I
    > was trying to figure out how the packet exchange occurs between the
    > client and the server by sniffing it. I wanted to know the forking off
    > to different servers for authentication purposes. However, I noticed
    > that the client side would send the password in clear text along with
    > the username. It uses a POST method for this. I think this is a big
    > vulnerability in the mail service. I wanted your opinion if I should
    > term this as a vulnerability or not and whether there is an exploit
    > for this or not. Also, one of my friends advised me to try and charge
    > money for figuring out this vulnerability. Should I go ahead with
    > contacting the sys admin for that? Also, is there an
    > exploit that I can point out to the admin that can be used against them...
    > As far as I know, this clear text pwd can be exploited only for the
    > users in the same LAN. Is there anything else that I can point out to the admin?
    >
    > Thanks,
    > Harshil Parikh
    >

    -- 
    Gautam R. Singh
    http://www.google.com/search?q=gautam.singh%40gmail.com
    [mcp,ccna,cspfa,] t: +91 9885576081 | pgp:
    http://gautam.techwhack.com/key/ | ymsgr: er-333 | msn: ro0_@hotmail
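
The reply above mentions hashing the password before sending it. As an added example (not code from the thread or from any webmail product), here is one way to do that so the value on the wire is different for every login: the server issues a one-time nonce and the client returns an HMAC over it. It goes beyond the thread's single suggestion by showing the cleartext POST beside the challenge-response form; the field names, the account, the salt and the PBKDF2/HMAC-SHA256 choice are all assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode

SALT = b"constructed-salt"   # constructed value; a real service would use a per-user salt
ROUNDS = 100_000

def derive_key(password):
    """Key both sides can compute; the server stores this instead of the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, ROUNDS)

# Constructed sample account for the demonstration.
USERS = {"harshil": derive_key("correct horse")}

def cleartext_post(user, password):
    """Login POST body as described in the thread: the password is readable on the wire."""
    return urlencode({"user": user, "pass": password})

def client_response(user, password, nonce):
    """Login POST body carrying only an HMAC over the server's one-time nonce."""
    proof = hmac.new(derive_key(password), nonce.encode(), hashlib.sha256).hexdigest()
    return urlencode({"user": user, "response": proof})

class Server:
    def __init__(self, users):
        self.users = users
        self.pending = {}            # user -> outstanding nonce

    def challenge(self, user):
        nonce = secrets.token_hex(16)
        self.pending[user] = nonce
        return nonce

    def verify(self, body):
        form = {k: v[0] for k, v in parse_qs(body).items()}
        user = form.get("user", "")
        nonce = self.pending.pop(user, None)   # each nonce is accepted once
        key = self.users.get(user)
        if nonce is None or key is None:
            return False
        expected = hmac.new(key, nonce.encode(), hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, form.get("response", ""))
```

This keeps only the password itself off the wire; everything else in an HTTP session is still sent in cleartext, which is the case the reply covers with HTTPS.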
    
