Hi guys,
OpenSRS leaks customer passwords in plaintext ! I was there - these guys started a program which monitors network traffic and used another computer to bring up the reseller page. They clicked on the link for sending the login information, typed in the other company's name and in seconds the network monitoring program showed the reseller password for that company !! They went in and were able to see *ALL THEIR RECORDS*, *ALL THEIR CUSTOMERS AND CUSTOMER RECORDS*! I was really stumped when they showed me that *THEY CAN NOW CHANGE THIS COMPANY'S CUSTOMER RECORDS - EVEN "UNLOCK" THEIR DOMAINS* like for transfers away from them, etc !!! I don't know how long this has been. I asked how did they manage to decrypt that information, and they said they didn't !! They said that OpenSRS just doesn't care - they don't even use PGP, they just send passwords in plaintext. OpenSRS, I think you want to fix this faaaaaaaast !!! Mark.
