| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <148440000.1062637789@localhost> From: pauls at utdallas.edu (Paul Schmehl) Subject: SMC Router safe Login in plaintext --On Wednesday, September 03, 2003 17:14:04 -0500 "C. Church" <cchurch@...rtlogic.net> wrote: > > Did you read what you just said? How many ISPs have you called where they > would "Tell you what your password is"? If your ISP can tell you what > your password is, let us know who it is, so we can all avoid them in the > future. > SBCGlobal.net, ATT.net to name two big ones. > Answer: they don't need to know your old password to change your password. > It's called permissions, and privileged access. As root, or a priveleged > user, I can change anyone's password without having to know the old one. > <sarcasm mode="on">No, really? I would have never guessed.</sarcasm> > Think about it. OK, I thought about it. Now what do I do? BTW, when I say "tell you what your password is", what I mean is something like this, "Mr. Schmehl, your password is 1234qwer. Are you sure you're typing it right?" Doh! Paul Schmehl (pauls@...allas.edu) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu
Powered by blists - more mailing lists