Jefferson Ogata <[EMAIL PROTECTED]> wrote:
# I have also noticed a problem with Network Solutions' handling of
# passwords for CRYPT-PW authentication: when you submit the password
# initially, the form they generate with their New Contact Form web
# system runs the password you enter through crypt(), but the first
# two characters of the encrypted value (the salt) are the same as the
# first two characters of the password, indicating they use the
# password as its own salt.
I originally found this and reported it to them in 1996. Since then,
I've sent them numerous emails and called them four or five times.
Each time, I was told that "it would be looked into." So, here it is
three years later. Yay.
http://www.securityfocus.com/templates/archive.pike?list=1&date=1996-10-8&[EMAIL PROTECTED]
/Sean/
