On Nov 21, 2007, at 9:00 AM, Vernon A. Fort wrote: > Chris Hilts wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > Vernon A. Fort wrote: > > > > > This is TRUE - it appears they did have the password but I am trying > to > find any know exploit in the authentication method. Looking at the > If you use HTTP for your login page instead of HTTPS, the username/ password is sent in the clear and is easily sniffable. -- Marc ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ ----- squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
