Subject: | |
From: | |
Reply To: | |
Date: | Wed, 21 Jan 1998 12:14:00 P |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
James Hofmeister answers Jim Wowchuk:
>> Can someone advise what the status is of this problem?
>> VT logons used to send the password across the network
>> in clear text, not encrypted. Is that still the case, and if not
>> what release/patch remedied it? If not the case, is anyone
>> doing something about this to eliminate it?
> Yes, this is still the case. SR 5003066878 was submitted in
> 1992 and little customer demand for this enhancement has been
> seen. The SR was considered and the cost were found to be high
> in both HP code changes and the changes also impacted the 3rd
> party vars who code VT emulators.
James may be right about little overt customer demand so far, but
that still leaves us with a fundamentally unacceptable security
situation for 3000's that are not isolated behind very secure
firewalls. Not being able to do encryption of at least passwords is
a serious flaw. I'm not a network expert, but I've seen first hand
how easy it is to zero in on logon info flying across the wire in clear
text....
Ken Sletten
|
|
|