Password Snooping

• tcpdump/snoop/sniffit/etc

• Affected services: telnet/rlogin/pop/imap/ftp/nttp/http...

• Microsoft's wrong solution

• Challenge response protocols (CHAP/APOP)

• Security by obscurity: password obfuscation

• ftp://ftp.isi.edu/in-notes/rfc1734.txt

• Server: +OK POP3 oxygen.su.varesearch.com v6.50 server ready

• Client: AUTH

• Server: +OK Supported authentication mechanisms:

• LOGIN

• Client: AUTH LOGIN

• Server: + VXNlciBOYW1lAA== ("Username:" in base64)

• Client: edGdcg== (user login in base64)

• Server: + UGFzc3dvcmQA ("Password:" in base64)

• Client: YaRokWDyUWdn (cleartext password in base64)

• Server: +OK

• Mailbox open, 1788 messages