BugTraq
Clear text password exposure in Datakey's tokens and smartcards Aug 04 2004 05:08AM
vuln hexview com (1 replies)
Re: [Full-Disclosure] Clear text password exposure in Datakey's tokens and smartcards Aug 04 2004 06:45AM
Lionel Ferette (lionel ferette belnet be) (1 replies)
Re: [Full-Disclosure] Clear text password exposure in Datakey's tokens and smartcards Aug 04 2004 08:11PM
Toomas Soome (Toomas Soome microlink ee) (2 replies)
Re: [Full-Disclosure] Clear text password exposure in Datakey's tokens and smartcards Aug 05 2004 01:03PM
Lee Dilkie (lee_dilkie mitel com) (1 replies)
Re: [Full-Disclosure] Clear text password exposure in Datakey's tokens and smartcards Aug 06 2004 11:31AM
Kevin Sheldrake (kev electriccat co uk)
Not unless the card is stolen and the owner either doesn't notice
immediately or doesn't report it immediately. How many people will turn
up at work (for instance) claiming to have 'forgotton' their card rather
than report it lost, on the off chance they have actually misplaced it?
If the keys give access to money, reputation, authority or the like then
perhaps the size of the exposure window is important?

Kev

> Perhaps I'm missing something here. As far as I can tell, no keys
> located on the card were compromised, only the PIN was. Since this is a
> two factor authentication system, possession of the PIN is of little
> value without possession of the token itself.
>
> Am I missing the point here?
>
> regards,
>
> -lee
>

--
Kevin Sheldrake MEng MIEE CEng CISSP
Electric Cat (Bournemouth) Ltd

[ reply ]
Re: [Full-Disclosure] Clear text password exposure in Datakey's tokens and smartcards Aug 05 2004 10:39AM
Kevin Sheldrake (kev electriccat co uk) (1 replies)
Re: [Full-Disclosure] Clear text password exposure in Datakey's tokens and smartcards Aug 06 2004 03:51AM
Seth Breidbart (sethb panix com)


 

Privacy Statement
Copyright 2010, SecurityFocus