[ Usenet FAQs | Search | Web FAQs | Documents | RFC Index ]
Single Page
Top Document: comp.os.netware.security FAQ
Previous Document: 1.02 - Is the execute-only flag secure?
Next Document: 1.04 - Can the server be infected with a computer virus?
-
Search the FAQ Archives
Single Page
Top Document: comp.os.netware.security FAQ
Previous Document: 1.02 - Is the execute-only flag secure?
Next Document: 1.04 - Can the server be infected with a computer virus?
1.03 - Can a packet-sniffer capture passwords?
Since Novell NetWare 3, passwords are sent to the server encrypted
using a hashing function. The three password functions (Login,
Change password, Verify password) have a pretty secure protocol,
such that the information gathered by packet sniffers cannot be
used to reconstruct the event or determine the password.
Some very old software use the NetWare 2 unencrypted password calls.
These can be captured and used, since these passwords are sent in
plaintext.
Packet sniffers can capture just about all other information that
is transmitted on the LAN. This includes telnet/ftp passwords, etc.
Top Document: comp.os.netware.security FAQ
Previous Document: 1.02 - Is the execute-only flag secure?
Next Document: 1.04 - Can the server be infected with a computer virus?
Single Page
[ Usenet FAQs | Search | Web FAQs | Documents | RFC Index ]
Send corrections/additions to the FAQ Maintainer:
F.U.Mirza@sheffield.ac.uk (Fauzan Mirza)
Last Update September 05 2008 @ 00:15 AM