[quake3-bugzilla] [Bug 4810] Using a MD5 hash instead of clear-text password

bugzilla-daemon at icculus.org bugzilla-daemon at icculus.org
Mon Mar 7 17:15:45 EST 2011


Thilo Schulz <arny at ats.s.bawue.de> changed:

           What    |Removed                     |Added
             Status|NEW                         |RESOLVED
         Resolution|                            |WONTFIX

--- Comment #3 from Thilo Schulz <arny at ats.s.bawue.de> 2011-03-07 17:15:38 EST ---
I'm sorry, I have decided to not apply this. I'm afraid this will just bloat
the feature list of ioquake3. Ioquake3 is not a very secure protocol by design.
If you can sniff a client connection, you can use the MD5 password during the
session where it is valid (speak: the legitimate client is still connected) to
change the rcon password to anything you like.

Configure bugmail: https://bugzilla.icculus.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.

More information about the quake3-bugzilla mailing list