[quake3-bugzilla] [Bug 4810] Using a MD5 hash instead of clear-text password
bugzilla-daemon at icculus.org
bugzilla-daemon at icculus.org
Mon Mar 7 17:15:45 EST 2011
https://bugzilla.icculus.org/show_bug.cgi?id=4810
Thilo Schulz <arny at ats.s.bawue.de> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |WONTFIX
--- Comment #3 from Thilo Schulz <arny at ats.s.bawue.de> 2011-03-07 17:15:38 EST ---
I'm sorry, I have decided to not apply this. I'm afraid this will just bloat
the feature list of ioquake3. Ioquake3 is not a very secure protocol by design.
If you can sniff a client connection, you can use the MD5 password during the
session where it is valid (speak: the legitimate client is still connected) to
change the rcon password to anything you like.
--
Configure bugmail: https://bugzilla.icculus.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
More information about the quake3-bugzilla
mailing list