Vulnerability Development mailing list archives
Re: Apache ap_getpass vulnerability
From: "Bluefish (P.Magnusson)" <11a () GMX NET>
Date: Wed, 8 Nov 2000 21:30:54 +0100
signing stuff is done using another interface. That would be a worthy challenge to hack remotely from network eh? ;).
Mayhap not. E.g. if it performs requested RSA calculations only, with no sanity checks or insufficient ones, there are known attacks. A team of cryptographers could penetrate it. Flawed RSA products do exist; RSA's own PKI suite was flawed some versions ago (quite some media attention a few years back).

An interesting question is, are most SSL products developed by merely software/HDL coders, or are they inspected by cryptographers? And is the SSL "black-box" configurable? If so, is that interface truly secure?

I'm not saying that there are flaws in any major SSL product, but I think one should note that they *may* be flawed. "Black boxes" aren't always as secure as one might think. In principle, it's a good idea though, to move private keys out of webserver memory.

..:::::::::::::::::::::::::::::::::::::::::::::::::..
http://www.11a.nu || http://bluefish.11a.nu
eleventh alliance development & security team
http://www.eff.org/cafe