Meeting Maker Weak Password Encryption Vulnerability

Meeting Maker is a client-server scheduling application. The server is available for Solaris, Windows and Macintosh systems, and the client is Java-based and works in conjunction with any browser. Due to poor encryption of passwords while in transit, user credentials can be obtained by anyone sniffing the network.

The encryption used is proprietary, and involves polyalphabetic substitution. Once the algorithm is known, the passwords can be trivially decrypted.


Privacy Statement
Copyright 2010, SecurityFocus