lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <71C9CA4800E9FF44A8C78E1FCD602B9C68CD93@exchange.positiveplace.org> From: broemhild at positiveplace.org (Bill Roemhild) Subject: IpSwitch IMail Server <= ver 8.1 User Password Decryption This has been well documented. I remember a tool from 2002 that would decrypt the hash from command line. printf ("IMail Password Decryptor\n"); printf ("Usage: %s <account name> <encrypted string>\n", name); printf ("E.g., %s crypto CCE5DFE5E2\n ^^^^^^^^^^---CAPITAL LETTERS\n\n", name); printf ("This information is found in the registry at:\n HKEY_LOCAL_MACHINE\\SOFTWARE\\Ipswitch\\IMail\\Domains\n"); Bill -----Original Message----- From: full-disclosure-admin@...ts.netsys.com [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Adik Sent: Monday, August 16, 2004 10:19 AM To: full-disclosure@...ts.netsys.com Cc: bugtraq@...urityfocus.com Subject: [Full-Disclosure] IpSwitch IMail Server <= ver 8.1 User Password Decryption Hi fellaz, IpSwitch IMail Server version up to 8.1 uses weak encryption algorithm to encrypt its user passwords. Have a look at attached proof of concept tool, which will decrypt user password from local machine instantly. ---
Powered by blists - more mailing lists