Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
BackWeb - Password issue (used by NAI for Corporate customer notification).
- To: NTBUGTRAQLISTSERV.NTBUGTRAQ.COM
- Subject: BackWeb - Password issue (used by NAI for Corporate customer notification).
- From: "Vale Steve, Barclays Life" <Steve.ValeBARCLAYS.CO.UK>
- Date: Thu, 24 Dec 1998 16:21:00 GMT
- Approved-By: Russ.CooperRC.ON.CA
- Encoding: 29 TEXT
- Reply-To: "Vale Steve, Barclays Life" <Steve.ValeBARCLAYS.CO.UK>
- Sender: Windows NT BugTraq Mailing List <NTBUGTRAQLISTSERV.NTBUGTRAQ.COM>
Hi Guys. This may be old news to many of you, but it's new to me, so here we go. Dr Solomon's will now be distributing alert & update notifications to corporate customers using BackWeb to effectively "push" such notifications to their customers. I downloaded & installed the BackWeb client, noting that it required a username & password for access through a Proxy server (as per our set-up). Seeing as our Proxy servers validate Internet access via our NT accounts (& as my account carries administrator rights), I initially entered a dummy account & then immediately checked in the registry. Sure enough, there was my dummy username & password in CLEAR TEXT under HKEY_CURRENT_USER\Software\Backweb\Backweb\Communication. All you admins out there using similar proxy authentication should beware!! I've used a separate non admin account for this purpose, & have submitted a request to the authors to change BackWeb to enable it to request a username/password at start-up if required, but I'm not holding my breath. Regards, Steven Vale. Barclays Life. Internet communications are not secure and therefore the Barclays Group does not accept legal responsibility for the contents of this message. Any views or opinions presented are solely those of the author and do not necessarily represent those of the Barclays Group unless otherwise specifically stated.