lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <1080378497.13758.3.camel@localhost> From: raymond at dyn.org (Raymond Morsman) Subject: Nessus stores credentials in plain text On Sat, 2004-03-27 at 06:01, ~Kevin Davis? wrote: > I have posted this issue to a couple entities like bugtraq and CERT > with no response. I mentioned this issue to an organization And so it should be. These are not vulnerabilities in the pure sense of the word. What you call credentials are nothing more than system data for Nessus and therefore not an issue for Nessus. You can't use MD5 on systemdata. However, I must agree that it would be nice if this information would be encrypted with the users password. Raymond.
Powered by blists - more mailing lists