[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] IpSwitch IMail Server <= ver 8.1 User Password

To: Adik <netninja@xxxxxxxxxx>, full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] IpSwitch IMail Server <= ver 8.1 User Password
From: Anonymous <cripto@xxxxxxx>
Date: Tue, 17 Aug 2004 04:35:09 +0200 (CEST)

From eEye's "darker" days:

http://www.w00w00.org/advisories/imailpass.html

At 11:18 PM 8/16/2004 +0600, Adik wrote:
>Hi fellaz,
>
>IpSwitch IMail Server version up to 8.1 uses weak encryption algorithm to
>encrypt its user passwords. Have a look at attached proof of concept tool,
>which will decrypt user password from local machine instantly.
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- RE: [Full-Disclosure] IpSwitch IMail Server <= ver 8.1 User Password
  - From: Scott Phelps

Prev by Date: Re: [Full-Disclosure] lame bitching about products
Next by Date: [Full-Disclosure] re: lame bitching about sp2
Previous by thread: [Full-Disclosure] Ludger Klostermann/Marl/Degussa/DE ist außer Haus.
Next by thread: RE: [Full-Disclosure] IpSwitch IMail Server <= ver 8.1 User Password
Index(es):
- Date
- Thread