Mailing List SIMS@mail.stalker.com Message #15507
From: Bill Cole <listbill@scconsult.com>
Subject: Re: Authentication
Date: Fri, 20 Jul 2007 08:01:14 -0400
To: SIMS Discussions <SIMS@mail.stalker.com>
At 1:16 AM -0400 7/20/07, Paul Galati imposed structure on a stream of electrons, yielding:
> Can someone explain what happened here? 04:49:16 concerns me the most.  He
> only got 10 messages or so before I disabled the account.  Did he guess
> the username and password?

Yes.

That was not so hard. It looks like your user "dan" is a fool. His password was "1234".

The AUTH LOGIN method is essentially open user ID and password sent in the clear except for base64 encoding to protect them from transport clobbering. SIMS logs the encoded password, and the snippet you included showed it.



--
Bill Cole
bill@scconsult.com
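
Added illustration (not part of Bill Cole's message and not SIMS code): the sketch below walks a constructed AUTH LOGIN transcript, shows that the username and password come back with plain base64 decoding, and rewrites the log with the password response redacted. The `C:`/`S:` transcript notation, the host names and the function names are assumptions; this is not the SIMS log format.

```python
import base64
import re

# Constructed SMTP transcript (generic "C:"/"S:" notation, not SIMS's log format).
# The credentials are the ones discussed in the message above.
SAMPLE_SESSION = [
    "S: 220 mail.example.com ESMTP",
    "C: EHLO client.example.net",
    "S: 250-mail.example.com",
    "S: 250 AUTH LOGIN",
    "C: AUTH LOGIN",
    "S: 334 VXNlcm5hbWU6",
    "C: ZGFu",
    "S: 334 UGFzc3dvcmQ6",
    "C: MTIzNA==",
    "S: 235 Authentication successful",
]

def b64_text(token):
    """Decode one base64 token to text; return None if it is not valid base64."""
    try:
        return base64.b64decode(token, validate=True).decode("utf-8", "replace")
    except ValueError:
        return None

def audit_auth_login(lines):
    """Return (credentials, redacted_lines) for AUTH LOGIN exchanges in a transcript."""
    creds, redacted, pending = [], [], None
    for line in lines:
        m = re.match(r"S: 334 (\S+)$", line)
        if m:
            # The server prompt is itself base64: "Username:" or "Password:".
            pending = (b64_text(m.group(1)) or "").rstrip(":").lower()
            redacted.append(line)
            continue
        if pending and line.startswith("C: "):
            value = b64_text(line[3:].strip())
            if pending == "username":
                creds.append({"username": value, "password": None})
            elif pending == "password" and creds:
                creds[-1]["password"] = value
                line = "C: [REDACTED]"  # never store the password response
            pending = None
        redacted.append(line)
    return creds, redacted

if __name__ == "__main__":
    found, safe_log = audit_auth_login(SAMPLE_SESSION)
    print(found)
    print("\n".join(safe_log))
```

The sketch covers only the prompted form of AUTH LOGIN shown in the sample; it does not handle a username sent on the `AUTH LOGIN` line itself.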
