Re: [w00giving '99 #11] IMail's password encryption scheme

[mikael.olsson () ENTERNET SE (Mikael Olsson)]

It would seem that the best solution is to NOT try fixing the
red herring (crypto with locally stored key) problem.

The better solution would be to set the access rights
for the registry keys in question to only allow the user
running the IMail daemons, and the users that are supposed
to be able to locally administrate IMail.

Am I right or am I right?

(Btw, you can do this yourself; you don't have to wait
for ipswitch to release a fix)

/Mike

Steven Alexander wrote:
> Ipswitch doesn't seem to get the point.  This scheme is is only slightly
> different than their old one(for version 4.X) which I released an advisory
> about many months ago.
>
> -steven

--
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK
Phone: +46 (0)660 105 50           Fax: +46 (0)660 122 50
Mobile: +46 (0)70 248 00 33
WWW: http://www.enternet.se        E-mail: mikael.olsson () enternet se