Re: [Full-Disclosure] Nessus stores credentials in plain text
- To: ~Kevin Davis³ <computerguy@xxxxxxxxxx>
- Subject: Re: [Full-Disclosure] Nessus stores credentials in plain text
- From: Raymond Morsman <raymond@xxxxxxx>
- Date: Sun, 28 Mar 2004 23:27:18 +0200
On Sat, 2004-03-27 at 17:47, ~Kevin Davis³ wrote:
> Many people would disagree that storing passwords in plaintext is not a
> vulnerability. This includes entities like ISS who were doing the same
> thing and, once they realized it, changed it. I don't see how a plaintext username
> and password is simply "system data" and not also credentials. And guess what?
> Nessus itself has several plugins that check for plaintext passwords in
> other applications.
Q: Does Nessus use this data for its own persona-check?
A: No, it uses it for client connections.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html