On 25.06.2018 12:02, Dimitry Sibiryakov wrote:
25.06.2018 10:35, Alex Peshkoff via Firebird-devel wrote:
Afraid you are wrong here. It helps an attacker to detect what plugin
is actually used by server (for example - srp or srp256) and use that
info to attack particular plugin later.
Does srp have non-theoretical vulnerability?
Bruteforce passwords over the wire. We are still missing any passwords
regulation (like min.length, UP/low letters, etc.) i.e. people can use
passwords like 'pass' and such things can be bruteforced.
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
Firebird-Devel mailing list, web interface at
https://lists.sourceforge.net/lists/listinfo/firebird-devel
