<<< Date Index >>>     <<< Thread Index >>>

Re: Security vulnerability in APOP authentication



Gaëtan LEURENT wrote on 14 Mar 2007 15:53:36 +0100:

> I found a security vulnerability in the APOP authentication.  It is
> related to recent collision attacks by Wang and al. against MD5.

Does somebody care about this, are you all busy reinventing Unix's
$PATH?

By the way, what's the next step?  Messing around $LD_LIBRARY_PATH and
$LD_PRELOAD?  You know, these are global configuration variable, what's
in here should be here for a reason.  It offers many creative ways of
shooting yourself in the foot, but it also offers many useful way of
solving real-life problems.  If you're not confident in what's in the
$PATH, just don't use the computer.  And if you want a specific $PATH
for mutt, that's easy to do with a wrapper script.  But if every program
has it's own idea of the PATH it's a real nightmare for everybody.

[Sorry for the first broken version of this message]

-- 
Gaëtan LEURENT