[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Plain Text Password Disclosure vulnerability in rediff mail

To: <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] Plain Text Password Disclosure vulnerability in rediff mail
From: awf awf <lol-wut-hurr@xxxxxxxx>
Date: Thu, 10 Sep 2009 11:36:09 -0400

And?  Every web application sends passwords as plain text unless they are using 
SSL.  Pretty much any "encryption" that they may do client side that isn't SSL 
is meaningless.  I hardly see how being able to sniff passwords from a site 
that isn't using SSL is big news.

_________________________________________________________________
Windows Live: Make it easier for your friends to see what you’re up to on 
Facebook.
http://windowslive.com/Campaign/SocialNetworking?ocid=PID23285::T:WLMTAGL:ON:WL:en-US:SI_SB_facebook:082009

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Plain Text Password Disclosure vulnerability in rediff mail
  - From: Dan Kaminsky

Prev by Date: [Full-disclosure] ZDI-09-065: Mozilla Firefox TreeColumns Dangling Pointer Vulnerability
Next by Date: Re: [Full-disclosure] Plain Text Password Disclosure vulnerability in rediff mail
Previous by thread: [Full-disclosure] ZDI-09-065: Mozilla Firefox TreeColumns Dangling Pointer Vulnerability
Next by thread: Re: [Full-disclosure] Plain Text Password Disclosure vulnerability in rediff mail
Index(es):
- Date
- Thread