[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Nessus stores credentials in plain text

To: ~Kevin Davis³ <computerguy@xxxxxxxxxx>
Subject: Re: [Full-Disclosure] Nessus stores credentials in plain text
From: Raymond Morsman <raymond@xxxxxxx>
Date: Sat, 27 Mar 2004 10:08:17 +0100

On Sat, 2004-03-27 at 06:01, ~Kevin Davis³ wrote:
> I have posted this issue to a couple entities like bugtraq and CERT
> with no response.  I mentioned this issue to an organization

And so it should be. These are not vulnerabilities in the pure sense of
the word.

What you call credentials are nothing more than system data for Nessus
and therefore not an issue for Nessus.

You can't use MD5 on systemdata. 

However, I must agree that it would be nice if this information would be
encrypted with the users password.

Raymond.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] Nessus stores credentials in plain text
  - From: ~Kevin Davis³

References:
- [Full-Disclosure] Nessus stores credentials in plain text
  - From: ~Kevin Davis³

Prev by Date: Re: [Full-Disclosure] E-mail virus free tags (Was: SHUT THE F**K UP)
Next by Date: Re: [Full-Disclosure] Possible Virus - and what type?
Previous by thread: [Full-Disclosure] Nessus stores credentials in plain text
Next by thread: Re: [Full-Disclosure] Nessus stores credentials in plain text
Index(es):
- Date
- Thread