[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Clear text password exposure in Datakey's tokens and smartcards

To: full-disclosure@xxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] Clear text password exposure in Datakey's tokens and smartcards
From: Seth Breidbart <sethb@xxxxxxxxx>
Date: Thu, 5 Aug 2004 23:51:07 -0400 (EDT)

"Kevin Sheldrake" <kev@xxxxxxxxxxxxxxxxx> wrote:

> Ignoring the initial expense for a moment, wouldn't it have made a
> lot of sense to include the keypad actually on the cards?
> Obviously, card readers would need to be contructed such that the
> keypad part of the card would be exposed during use.

No, they wouldn't.  The card could remember the key typed on it for,
say, 60 seconds.

Seth

References:
- Clear text password exposure in Datakey's tokens and smartcards
  - From: vuln
- Re: [Full-Disclosure] Clear text password exposure in Datakey's tokens and smartcards
  - From: Lionel Ferette
- Re: [Full-Disclosure] Clear text password exposure in Datakey's tokens and smartcards
  - From: Toomas Soome
- Re: [Full-Disclosure] Clear text password exposure in Datakey's tokens and smartcards
  - From: Kevin Sheldrake

Prev by Date: Re: International DNS compromise?
Next by Date: Winmx Software making calls to Port 25
Previous by thread: Re: [Full-Disclosure] Clear text password exposure in Datakey's tokens and smartcards
Next by thread: Re: [Full-Disclosure] Clear text password exposure in Datakey's tokens and smartcards
Index(es):
- Date
- Thread