Cryptocard database

From: John Madden (chiwawa999@yahoo.com)
Date: Wed Feb 16 2005 - 15:19:26 EST


Hi,

Doing an internal pen-test for a company i came across
a mysql db that contains the Cryptocard tokens
database (root with no password)

The most interesting table (duh !!!) is the
"EncryptedKey". Obviously this is not good. I made the
usual recommandation to secure the db but i was
curious to know if any one had experience with
Cryptocard tokens and what is uses to encrypt that
field. I presume they use the PIN of each user...???

The size of the field is 48 characters (3DES ?)

I would appreciate any info

Thank you

John

                
__________________________________
Do you Yahoo!?
Take Yahoo! Mail with you! Get it on your mobile phone.
http://mobile.yahoo.com/maildemo



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:16 EDT