Date:      Mon, 28 May 2007 20:52:02 +0400
From:      "Andrew Pantyukhin" <infofarmer@FreeBSD.org>
To:        "FreeBSD Chat" <chat@freebsd.org>, "Anton Alekseev" <alekseev.a@gubkin.ru>
Subject:   javascript-based password verification
Message-ID:  <cb5206420705280952q19854374o37d65820f02fb80d@mail.gmail.com>

I find it hard to believe, but natural selection
has apparently not weeded out one of the most
brain-dead web authentication methods yet.

The winner is...

D-Link. Its latest series of cheap VPN routers,
ADSL gateways and access points verify passwords
with JavaScript. The passwords are stored in clear
text. Granted, this only happens when you try to
change the current password, but that doesn't mean it's
not one of the dumbest security breaches.

I have this gaping hole in my DSL-2640, and I'm
sure they won't fix it any time soon...



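The server-side alternative to the pattern described in the message above, as an added example that is not part of the original e-mail and is not D-Link's code. The form field names in the comment, the in-memory `store`, the function names and the 8-character minimum are assumptions made for illustration.

```javascript
// Added example: constructed code, not taken from any device firmware.
const nodeCrypto = require('node:crypto');

// The flawed pattern: the page itself carries the current password and the
// browser decides whether the change is allowed (names are hypothetical).
//   var curPwd = '<stored password>';
//   if (form.oldPwd.value != curPwd) { alert('Wrong password'); return false; }
// Anyone who can load the page can read the literal or skip the check.

// Store only a salted scrypt hash, never the password itself.
function hashPassword(password, salt = nodeCrypto.randomBytes(16)) {
  const hash = nodeCrypto.scryptSync(password, salt, 32);
  return { salt: salt.toString('hex'), hash: hash.toString('hex') };
}

// Compare a submitted password with the stored record in constant time.
function verifyPassword(password, record) {
  const salt = Buffer.from(record.salt, 'hex');
  const expected = Buffer.from(record.hash, 'hex');
  const actual = nodeCrypto.scryptSync(password, salt, expected.length);
  return nodeCrypto.timingSafeEqual(actual, expected);
}

// Server-side handler for the change-password form. The response never
// contains the stored secret, so there is nothing to read in page source.
function changePassword(store, user, oldPassword, newPassword) {
  const record = store.get(user);
  if (!record || typeof oldPassword !== 'string' || !verifyPassword(oldPassword, record)) {
    return { ok: false, status: 403 };
  }
  if (typeof newPassword !== 'string' || newPassword.length < 8) {
    return { ok: false, status: 400 };
  }
  store.set(user, hashPassword(newPassword));
  return { ok: true, status: 200 };
}

// Constructed sample data.
const store = new Map([['admin', hashPassword('constructed-old-pass')]]);
```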