Re: Nessus wx-1.4.5a communication protocol tracer password revelation

Kevin Davis Tue, 08 Mar 2005 04:00:59 -0800

So you expect the user to be competent enough to do something like encrypt the .nessusrc files or put them on portable storage on their own (after finding out they are stored in plaintext on their own) but not competent enough to make sure someone is not looking over their shoulder when they are entering passwords in the GUI?

----- Original Message ----- From: "Michel Arboi" <[EMAIL PROTECTED]> To: "Kevin Davis" <[EMAIL PROTECTED]> Cc: <[email protected]> Sent: Tuesday, March 08, 2005 5:59 AM Subject: Re: Nessus wx-1.4.5a communication protocol tracer password revelation

On Tue Mar 08 2005 at 03:22, Kevin Davis wrote:
Also why bother obfuscating the credentials in the GUI if they are
being stored locally in plaintext?
Because GUI is visible on a screen and anybody could look over the shoulder of the Nessus operator.


_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus

Re: Nessus wx-1.4.5a communication protocol tracer password revelation

Reply via email to