[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Savannah-hackers] Re: savannah account
|
From: |
Thomas Bushnell, BSG |
|
Subject: |
[Savannah-hackers] Re: savannah account |
|
Date: |
24 Aug 2002 12:42:43 -0700 |
|
User-agent: |
Gnus/5.09 (Gnus v5.9.0) Emacs/21.2 |
Mathieu Roy <address@hidden> writes:
> I do not get the point. Not so strange, I'm not author of the
> registration procedure.
> I you've found a security hole, please submit a bug report with
> details or, why not, send us a patch.
Anyone who can sniff the outgoing traffic from savannah can steal the
password of anyone they like by listening for the email message with
the magic hash key and following the link.
Anyone who can figure out the hash function can steal the password of
anyone they like even if they can't sniff on the email message. Since
any user can generate hash samples at will, it's surely not too hard
to do this.
Thomas
- [Savannah-hackers] savannah account, Thomas Bushnell, BSG, 2002/08/22
- [Savannah-hackers] Re: savannah account, Mathieu Roy, 2002/08/22
- [Savannah-hackers] Re: savannah account, Thomas Bushnell, BSG, 2002/08/22
- [Savannah-hackers] Re: savannah account, Mathieu Roy, 2002/08/23
- [Savannah-hackers] Re: savannah account, Mathieu Roy, 2002/08/23
- [Savannah-hackers] Re: savannah account, Thomas Bushnell, BSG, 2002/08/23
- [Savannah-hackers] Re: savannah account, Mathieu Roy, 2002/08/24
- [Savannah-hackers] Re: savannah account,
Thomas Bushnell, BSG <=
- [Savannah-hackers] Re: savannah account, Mathieu Roy, 2002/08/24
- [Savannah-hackers] Re: savannah account, Thomas Bushnell, BSG, 2002/08/24
- [Savannah-hackers] Re: savannah account, Mathieu Roy, 2002/08/24
- [Savannah-hackers] Re: savannah account, Thomas Bushnell, BSG, 2002/08/24
- [Savannah-hackers] Re: savannah account, Thomas Bushnell, BSG, 2002/08/26
[Savannah-hackers] Re: savannah account, Thomas Bushnell, BSG, 2002/08/26
[Savannah-hackers] Re: savannah account, Thomas Bushnell, BSG, 2002/08/26