
Password Sensitivity

Printed From: Mirage Source
Category: Tutorials
Forum Name: Approved Tutorials
Forum Description: All tutorials shown to actually work with MSE are moved here.
URL: http://ms.shannaracorp.com/backup-forums/forum_posts.asp?TID=36
Printed Date: 20 December 2006 at 6:01pm
Software Version: Web Wiz Forums 8.01 - http://www.webwizforums.com


Topic: Password Sensitivity
Posted By: Sync
Subject: Password Sensitivity
Date Posted: 07 February 2006 at 5:45pm
Originally posted by Baltan

ServerSide:

Look at your PasswordOK function:

Function PasswordOK(ByVal Name As String, ByVal Password As String) As Boolean
Dim FileName As String
Dim RightPassword As String

    PasswordOK = False
   
    If AccountExist(Name) Then
        FileName = App.Path & "\Accounts\" & Trim(Name) & ".ini"
        RightPassword = GetVar(FileName, "GENERAL", "Password")
       
        If UCase(Trim(Password)) = UCase(Trim(RightPassword)) Then
             PasswordOK = True
        End If
    End If
End Function


This is VERY VERY bad security.

Why do you ask?

It says that

password = PassWord = PaSsWoRd = PASSWORD

Case insensitivity, :|

Case-sensitive passwords are hundreds of times harder and longer to BruteForce or DictionaryHack.

So let's change that up, eh?

Function PasswordOK(ByVal Name As String, ByVal Password As String) As Boolean
Dim FileName As String
Dim RightPassword As String

    PasswordOK = False
   
    If AccountExist(Name) Then
        FileName = App.Path & "\Accounts\" & Trim(Name) & ".ini"
        RightPassword = GetVar(FileName, "GENERAL", "Password")
       
        If Trim(Password) = Trim(RightPassword) Then
             PasswordOK = True
        End If
    End If
End Function
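
The effect of the change above, measured in an added example that is not part of the original post: a Python model of the two VB6 comparisons that counts how many case variants of a stored password each check accepts and how much larger the search space is once case matters. The function names are hypothetical and ASCII passwords are assumed.

```python
# Added example (not from the original post): models both PasswordOK
# comparisons and measures what the UCase() fold costs in search space.
from itertools import product


def password_ok_insensitive(supplied: str, stored: str) -> bool:
    """Original check: UCase(Trim(Password)) = UCase(Trim(RightPassword))."""
    # VB6 Trim removes leading/trailing spaces only; ASCII input assumed.
    return supplied.strip(" ").upper() == stored.strip(" ").upper()


def password_ok_sensitive(supplied: str, stored: str) -> bool:
    """Changed check: Trim(Password) = Trim(RightPassword)."""
    return supplied.strip(" ") == stored.strip(" ")


def case_variants(password: str) -> set:
    """Every string that differs from `password` only in letter case."""
    choices = [{c.lower(), c.upper()} for c in password]
    return {"".join(combo) for combo in product(*choices)}


def accepted_counts(stored: str) -> tuple:
    """(variants accepted by the folded check, by the exact check)."""
    variants = case_variants(stored)
    loose = sum(password_ok_insensitive(v, stored) for v in variants)
    strict = sum(password_ok_sensitive(v, stored) for v in variants)
    return loose, strict


def keyspace_ratio(length: int, digits: bool = True) -> float:
    """How many times larger the candidate space is when case matters."""
    extra = 10 if digits else 0
    return (52 + extra) ** length / (26 + extra) ** length


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real account file.
    for stored in ("PaSsWoRd", "abc123"):
        loose, strict = accepted_counts(stored)
        print(f"{stored!r}: folded check accepts {loose}, exact accepts {strict}")
    for n in (6, 8, 10):
        print(f"length {n}: letters only x{keyspace_ratio(n, False):.0f}, "
              f"letters+digits x{keyspace_ratio(n):.0f}")
```

For an 8-letter password the folded check accepts 256 spellings of the same secret, which is the same factor by which the letters-only search space grows after the change.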




Replies:
Posted By: Sync
Date Posted: 07 February 2006 at 5:45pm
Approved



