RETURN $ecure;

Security, Technology and Life

PowWeb passwords


Just another rant about a remotely possible scenario. Earlier this week I had forgotten the password to the control panel of one of my sites. I went to recover the password and found out, to my dismay, that you can use domains to actually change the password. I was curious, so I put my domain in, and found that my password was instantly changed to gibberish. This normally wouldn't be a huge deal, but this host's master ftp/sql/etc accounts are based off this same password, so if you used them for anything, they are now totally non-functional until you change your password and the scripts that use it. The password change form declares that I can't use previous passwords (DO THEY KEEP A LOG!?), so I can't simply change it back and have all my stuff working again. That would be a weird DoS, eh? Write a script to automate this process and eat up all of the victim's common passwords, while forcing them to change a bunch of config files all the time. Sure, they can prevent it by simply creating alternate accounts for ftp and whatnot, but it's still weird.
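The root problem above is that a reset request alone changes state. Below is an added Python example, not PowWeb's code, showing the flow the post describes beside a hardened one in which a request changes nothing and only a single-use, expiring token (delivered out of band) rotates the password; the in-memory account store, `TOKEN_TTL` and all function names are assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

TOKEN_TTL = 15 * 60  # seconds a reset token stays valid (assumed value)

@dataclass
class Account:
    email: str
    salt: bytes
    password_hash: bytes
    pending: dict = field(default_factory=dict)  # sha256(token) -> expiry time

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def new_account(email: str, password: str) -> Account:
    salt = secrets.token_bytes(16)
    return Account(email, salt, hash_password(password, salt))

def verify_password(acct: Account, password: str) -> bool:
    return hmac.compare_digest(acct.password_hash, hash_password(password, acct.salt))

# Weak flow as the post describes it: knowing the domain is enough and the password rotates on the spot.
def weak_reset(accounts: dict, domain: str) -> str:
    acct = accounts[domain]
    new_pw = secrets.token_urlsafe(12)
    acct.password_hash = hash_password(new_pw, acct.salt)
    return new_pw  # mailed out; every ftp/sql script using the old password now fails

# Hardened flow: a request changes nothing; only a single-use, expiring e-mailed token does.
def request_reset(accounts: dict, domain: str, now: float):
    acct = accounts.get(domain)
    if acct is None:
        return None  # the web response must read the same as success (no enumeration)
    token = secrets.token_urlsafe(32)
    acct.pending[hashlib.sha256(token.encode()).digest()] = now + TOKEN_TTL
    return token  # delivered to acct.email only, never shown in the web response

def confirm_reset(accounts: dict, domain: str, token: str, new_pw: str, now: float) -> bool:
    acct = accounts.get(domain)
    expiry = acct.pending.pop(hashlib.sha256(token.encode()).digest(), None) if acct else None
    if expiry is None or now > expiry:
        return False  # unknown domain, wrong, reused or expired token: password untouched
    acct.password_hash = hash_password(new_pw, acct.salt)
    acct.pending.clear()  # any other outstanding tokens die with this change
    return True
```

Because the stored credential only moves inside `confirm_reset`, a flood of reset requests against a public domain name cannot break the ftp/sql scripts that share the password.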


Written by Rodney G

05/20/2008 at 9:09 am

Posted in Security


One Response


  1. Hi,

    I am an independent research analyst in the IT industry, currently researching web application security. During my research, I came across your blog and believe that your insights can be of great help to me.

    Specifically, I am finding out the cost to benefit ratio of investing in web application security by mid sized e-commerce companies. Also, the research includes the efficacy of the in-house application development team to address vulnerabilities in web applications (both static and dynamic). I would appreciate any help I can get.

    Can you please suggest a good way to go ahead with this?

    Looking forward to your response.

    Thanking you,

    Trivikram Chausalkar

    Trivikram Chausalkar

    09/27/2012 at 7:07 am
