Bugtraq mailing list archives
Re: [w00giving '99 #11] IMail's password encryption scheme
From: mikael.olsson () ENTERNET SE (Mikael Olsson)
Date: Wed, 22 Dec 1999 20:27:28 +0100
It would seem that the best solution is to NOT try fixing the red herring (crypto with locally stored key) problem. The better solution would be to set the access rights for the registry keys in question to only allow the user running the IMail daemons, and the users that are supposed to be able to locally administrate IMail. Am I right or am I right? (Btw, you can do this yourself; you don't have to wait for ipswitch to release a fix) /Mike Steven Alexander wrote:
Ipswitch doesn't seem to get the point. This scheme is is only slightly different than their old one(for version 4.X) which I released an advisory about many months ago. -steven
-- Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK Phone: +46 (0)660 105 50 Fax: +46 (0)660 122 50 Mobile: +46 (0)70 248 00 33 WWW: http://www.enternet.se E-mail: mikael.olsson () enternet se
Current thread:
- [w00giving '99 #11] IMail's password encryption scheme Matt Conover (Dec 20)
- Re: [w00giving '99 #11] IMail's password encryption scheme Steven Alexander (Dec 21)
- Warning to Bugtraq posters. Steven Alexander (Dec 22)
- Re: Warning to Bugtraq posters. Richard M. Smith (Dec 23)
- Re: [w00giving '99 #11] IMail's password encryption scheme Mikael Olsson (Dec 22)
- Re: [w00giving '99 #11] IMail's password encryption scheme Steven Alexander (Dec 22)
- Re: [w00giving '99 #11] IMail's password encryption scheme Benjamin Congdon (Dec 22)
- Re: [w00giving '99 #11] IMail's password encryption scheme Steven Alexander (Dec 23)
- FYI, SCO Security patches available. Aaron Sigel (Dec 23)
- Local / Remote GET Buffer Overflow Vulnerability in ZBServer 1.5 Pro Edition for Win98/NT Ussr Labs (Dec 22)
- Warning to Bugtraq posters. Steven Alexander (Dec 22)
- Lotus Notes HTTP cgi-bin vulnerability: possible workaround Bram Kerkhof (Dec 22)
- Re: [w00giving '99 #11] IMail's password encryption scheme Steven Alexander (Dec 21)