[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-Disclosure] IpSwitch IMail Server <= ver 8.1 User Password

To: <full-disclosure@xxxxxxxxxxxxxxxx>
Subject: RE: [Full-Disclosure] IpSwitch IMail Server <= ver 8.1 User Password
From: "Scott Phelps" <scottp@xxxxxxxxxxxxxxx>
Date: Tue, 17 Aug 2004 08:52:10 -0400

At one time, the command line utility to do this was actually linked from
Ipswitches "third parties utilities" web site.

-----Original Message-----
From: full-disclosure-admin@xxxxxxxxxxxxxxxx
[mailto:full-disclosure-admin@xxxxxxxxxxxxxxxx] On Behalf Of Anonymous
Sent: Monday, August 16, 2004 10:35 PM
To: Adik; full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] IpSwitch IMail Server <= ver 8.1 User
Password

From eEye's "darker" days:

http://www.w00w00.org/advisories/imailpass.html

At 11:18 PM 8/16/2004 +0600, Adik wrote:
>Hi fellaz,
>
>IpSwitch IMail Server version up to 8.1 uses weak encryption algorithm to
>encrypt its user passwords. Have a look at attached proof of concept tool,
>which will decrypt user password from local machine instantly.
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- Re: [Full-Disclosure] IpSwitch IMail Server <= ver 8.1 User Password
  - From: Anonymous

Prev by Date: [Full-Disclosure] Re: IpSwitch IMail Server <= ver 8.1 User Password Decryption
Next by Date: RE: [Full-Disclosure] lame bitching about xpsp2
Previous by thread: Re: [Full-Disclosure] IpSwitch IMail Server <= ver 8.1 User Password
Next by thread: [Full-Disclosure] re: lame bitching about sp2
Index(es):
- Date
- Thread