I find it hard to believe, but natural selection has apparently not weeded out one of the most brain-dead web authentication methods yet.
The winner is... D-Link. Its latest series of cheap VPN routers, ADSL gateways and access points verify passwords with javascript. The passwords are stored in clear text. Granted, this only happens when you try to change current password, but that doesn't mean it's not one of the dumbest security breaches. I have this gaping hole in my DSL-2640, and I'm sure they won't fix it any time soon... _______________________________________________ freebsd-chat@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-chat To unsubscribe, send any mail to "[EMAIL PROTECTED]"
