LISTSERV - HP3000-L Archives

HP3000-L Archives

January 1998, Week 3

HP3000-L@RAVEN.UTC.EDU

	LISTSERV Archives
	HP3000-L Home
	HP3000-L January 1998, Week 3

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	FW: VT logons in clear text?
From:	Ken Sletten B894 C312 x62525 <[log in to unmask]>
Reply To:	Ken Sletten B894 C312 x62525 <[log in to unmask]>
Date:	Wed, 21 Jan 1998 12:14:00 P
Content-Type:	text/plain
Parts/Attachments:	text/plain (24 lines)

James Hofmeister answers Jim Wowchuk:

>> Can someone advise what the status is of this problem?
>> VT logons used to send the password across the network
>> in clear text, not encrypted.  Is that still the case, and if not
>> what release/patch remedied it?  If not the case, is anyone
>> doing something about this to eliminate it?

> Yes, this is still the case.  SR 5003066878 was submitted in
> 1992 and little customer demand for this enhancement has been
> seen.  The SR was considered and the cost were found to be high
> in both HP code changes and the changes also impacted the 3rd
> party vars who code VT emulators.

James may be right about little overt customer demand so far, but
that still leaves us with a fundamentally unacceptable security
situation for 3000's that are not isolated behind very secure
firewalls.  Not being able to do encryption of at least passwords is
a serious flaw.  I'm not a network expert, but I've seen first hand
how easy it is to zero in on logon info flying across the wire in clear
text....

Ken Sletten

ATOM RSS1 RSS2

RAVEN.UTC.EDU