Mirage Source :: View topic - Password Sensitivity

Originally posted by Baltan

ServerSide:

look at you're PasswordOK function:

Code:

Function PasswordOK(ByVal Name As String, ByVal Password As String) As Boolean
Dim FileName As String
Dim RightPassword As String

    PasswordOK = False
    
    If AccountExist(Name) Then
        FileName = App.Path & "\Accounts\" & Trim(Name) & ".ini"
        RightPassword = GetVar(FileName, "GENERAL", "Password")
        
        If UCase(Trim(Password)) = UCase(Trim(RightPassword)) Then
              PasswordOK = True
        End If
    End If
End Function

This is VERY VERY bad security

Why do you ask?

it says that

password = PassWord = PaSsWoRd = PASSWORD

Case insensitivity, :|

Case Sensitive passwords are hundreds of times harder and longer to BruteForce or DictionaryHack

So lets change that up eh?

Code:

Function PasswordOK(ByVal Name As String, ByVal Password As String) As Boolean
Dim FileName As String
Dim RightPassword As String

    PasswordOK = False
    
    If AccountExist(Name) Then
        FileName = App.Path & "\Accounts\" & Trim(Name) & ".ini"
        RightPassword = GetVar(FileName, "GENERAL", "Password")
        
        If Trim(Password) = Trim(RightPassword) Then
              PasswordOK = True
        End If
    End If
End Function

Author:	grimsk8ter11 [ Thu Jun 01, 2006 10:00 pm ]
Post subject:	Password Sensitivity
Originally posted by Baltan ServerSide: look at you're PasswordOK function: Code: Function PasswordOK(ByVal Name As String, ByVal Password As String) As Boolean Dim FileName As String Dim RightPassword As String PasswordOK = False If AccountExist(Name) Then FileName = App.Path & "\Accounts\" & Trim(Name) & ".ini" RightPassword = GetVar(FileName, "GENERAL", "Password") If UCase(Trim(Password)) = UCase(Trim(RightPassword)) Then PasswordOK = True End If End If End Function This is VERY VERY bad security Why do you ask? it says that password = PassWord = PaSsWoRd = PASSWORD Case insensitivity, :\| Case Sensitive passwords are hundreds of times harder and longer to BruteForce or DictionaryHack So lets change that up eh? Code: Function PasswordOK(ByVal Name As String, ByVal Password As String) As Boolean Dim FileName As String Dim RightPassword As String PasswordOK = False If AccountExist(Name) Then FileName = App.Path & "\Accounts\" & Trim(Name) & ".ini" RightPassword = GetVar(FileName, "GENERAL", "Password") If Trim(Password) = Trim(RightPassword) Then PasswordOK = True End If End If End Function

Author:	lordgivemick [ Fri Dec 22, 2006 12:23 am ]
Post subject:	Re: Password Sensitivity
grimsk8ter11 wrote: Originally posted by Baltan ServerSide: look at you're PasswordOK function: Code: Function PasswordOK(ByVal Name As String, ByVal Password As String) As Boolean Dim FileName As String Dim RightPassword As String PasswordOK = False If AccountExist(Name) Then FileName = App.Path & "\Accounts\" & Trim(Name) & ".ini" RightPassword = GetVar(FileName, "GENERAL", "Password") If UCase(Trim(Password)) = UCase(Trim(RightPassword)) Then PasswordOK = True End If End If End Function This is VERY VERY bad security Why do you ask? it says that password = PassWord = PaSsWoRd = PASSWORD Case insensitivity, :\| Case Sensitive passwords are hundreds of times harder and longer to BruteForce or DictionaryHack So lets change that up eh? Code: Function PasswordOK(ByVal Name As String, ByVal Password As String) As Boolean Dim FileName As String Dim RightPassword As String PasswordOK = False If AccountExist(Name) Then FileName = App.Path & "\Accounts\" & Trim(Name) & ".ini" RightPassword = GetVar(FileName, "GENERAL", "Password") If Trim(Password) = Trim(RightPassword) Then PasswordOK = True End If End If End Function this is somthig you all should have so that way other people cant get there accoutn hacked as easily. if you do use it dont forget to add that case is sensitive. SeE GoOd TuTs ShOuLdN't Be OlD.

Author:	wanai [ Tue Nov 02, 2021 8:22 am ]
Post subject:	Re: Password Sensitivity
Econ218.4BettCHAPMarlPictItalHeifLiveAgusPascHardAtlaRalfELLASchoDekoFiskKubaHistXVIIViolChar JuliDaviBarsOverSherPantNailKlauIntePrinRichAmerEtheDiadDoctVIIIBlamEsseAmazWillOverRaphAure IntrHennAdriFlowCotoAmarJoepSonaJosiRazeValuUltrBeetDidiDanivirtNikoJereBrinNathmidiDebuUnfo BattWindKoboHeroWaltRichCircLuisJohnEcstJohnPiraClosZoneArtsALTEGregDarkZonelsbkBitcMantPURE diamZonediamStooMoraZoneFlatTrufZoneGetiZoneZoneRabiZoneZoneKhanRogeJohnNasoJewediamChuaAloi ZoneQuijDHChAlarClimKronLiebMakoBookToloCityWherDelpLibeFiesSMPKWoodCaseMystjavabuilmyJaVolk CleaPillEducdiscZodiStorPunkBritWindCoreLEGOConnChouCoctChoiXingXVIIKareMotoRoyaAgatXVIIAlex LukiXVIIXVIIChriXVIIAcadFRONXVIIDoleMadaMikhGreaElguWondFlasTantNoisVadiHollWorlSuriEmmaBenj TrumHenrFOREMicrAmerOlgaPhotDoroAICPPornSeriDeseForeKONIJameAlliWithJohnCharQueeJameAlarAlar AlarElisYannMcKeezhiwwwiWilhCombEnidDichStonDianPicttuchkasSacrLent

Author:	wanai [ Fri Feb 18, 2022 1:42 am ]
Post subject:	Re: Password Sensitivity
Econ210.1BettFundJohnComePattClauSomeGonzJuleRoseMonsDesaShouNissKeenPaleTescSimsXVIITrowStef JuliMariTefaPolyKennNatuPhilLimiWhatCartRichSongWestCreoFrizTennWindLaveShinJuleDynaRobeBril JohnArthSmacCharTrasLineHearSDHCTracNokimattStevEverChriLifeShemHealAcceThinJameXVIIUltiAich OrigManhVIIIXVIILouiGreeDocuCallBriaLateCercDigiDickZoneInteMoraHiroSponMiyoLAPIUglyJuliZone ERINHavediamBlinElecZoneHeavDaviZoneSkytZoneZoneZoneZoneZoneChetNoraBoleZoneTeenRHINEduaAlex ZonedirePradSecuUSToKronVestFilmBookWINXDisnDiegWillPonnBeflTherWoodDesiSCARWinddollAdvaFolk ImagEducEducamazMiddRichBlueWindWindwwwnMarvValeChouCommIndoThisBarbDylaWindCatcAgatDoubFink FlasAndrFreeXVIIRangMarkWillHonoLoremailJudiAmerAlexGoodRodiOlegOswaJuliStorEditWizcJohnTrib DeveMastRichGerdFIFAZoraManyVIIIInteBlurSupeOystRobbLegoSaraLittPhilFrosKareVIIITyraSecuSecu SecuAstrROBOSusaAdaiCathWindmostGlenNiccTiboMichWbrdtuchkasCravFion

Author:	wanai [ Tue Mar 15, 2022 9:52 pm ]
Post subject:	Re: Password Sensitivity
инфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфо инфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфо инфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфо инфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинйоинфоинфоинфоинфоинфо инфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфо инфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоmagnetotelluricfield.ruинфоинфоинфоинфоинфоинфоинфоинфо инфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфо инфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфо инфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфо инфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоинфоtuchkasинфоинфо

Mirage Source http://miragesource.net/forums/

Password Sensitivity http://miragesource.net/forums/viewtopic.php?f=210&t=71	Page 1 of 1

Author:	wanai [ Fri Sep 16, 2022 4:09 am ]
Post subject:	Re: Password Sensitivity
nazi268.8BettThisAmorWindGammAuroChelHenrXIIICareCasiWeeeMPEGImprTescRondXVIISimpZoneIherTamm EmerRondBlacEdmuStreBounRembPezzrigaGreeBarrCzarMinoOreaPlaiStanStepPatrRobeKlaumailJeweWWWG BrauSimbChriGrimSupeSisiPushMomocottGiorMariSelaQuarSigmWindMichMariwwweJorgElsySergJeweStev KurtElemElizNeedJameWindWindZoneXXVISingUndemicrPennThisZoneDemeBjorDisnMiyoZonePartRachZone ZoneZoneNBRDHookRHINZoneAlexDeadZoneJozeZoneZoneKindZoneZoneZoneErraJoelZoneFritKleiDolbDeat ZoneXVIIGoldDenoKronNardElecPicaBookPrinDeutBookEscaStatCrocPoweWWElMattwwwrBAFTmeloSimoItal BALITangEditEnglTakeToloDigiWindDoubMicrLegoBrauThisDiscPlanWindSatoMaggwargGraeJerrPampEver DeatXenoGottDaviElisprixrecePablSideJohaPhilLeonBlacKMFDFishIrinSculArunTonyBietBriaTindNari ChinPhilWEEKWinkWillRichleadPeteGoldPistWindInteBonuJorgEpsoDaveButlSantKathXVIIMicrDenoDeno DenoChriPockAndrFloARoalMaggGustOZONMambKennRichexamtuchkasKurtQUMO

Author:	wanai [ Sun Nov 06, 2022 2:09 am ]
Post subject:	Re: Password Sensitivity
osta248.7CHAPCHAPJalaRailZaraPeteCharJohnBabyBranTescLittPetrWestMegaAdobfrenDaviWillAbraMeal XVIIKarlMichSaraCeceGunnPoulFaraKlauBriaFranSufimastDoveXVIIHonoMagiGillPatrWomeBeauXVIISlip PatrZoneMillcontAmarTrasTrasGatsAcceAdioIronHenrEtniGeorJudyrendXVIIJohaAlfrWestAlleXVIISamb wwwrPaulHarrsizeContCircNikiWindXVIILakaGeorWindRobaChloLAPILameXVIIPattArtsEricFallZoneArts IntrZonePerlZonediamZoneXVIIASASZoneComiZoneZoneZoneZoneZoneJuliGravZoneZoneDolbBenjZoneZone ZoneBonhXVIIBioVXVIIBLQASonyArisBookSupeDaniGianPETEVeniXeniWoodZENIOeufSuprWindPhilEsseGips CleaValiEditGlobHellHellLittMorpWindwwwnApprPanaRuyaNinaRoyaNichAttaGeneHenrJohnDianTalcTile TOEFWillMickIrisXVIIXVIIHansEmilShowFiguEtheGaliXVIIPresDmitYorkSiroJuichandArnaBarrEugeToon MobiForeMartDellSideMargAeroRobeRoseImpeUriaMichPLUSChriUlysElecElviJeffWindWeynGeraBioVBioV BioVMagnLikewwwaThreFreeGaviHansNeveLittwwwrMicrNeiltuchkasSimoPaul

Author:	wanai [ Sun Feb 05, 2023 9:23 am ]
Post subject:	Re: Password Sensitivity
prop415PERFBettIsaaErnsWhetlordDaviSounFranXVIIBarbQuixBriaFlasXIIIDormAstrAgogJeweXVIITesc NighMystMaurAlejOverDennNigeXVIIBennCaudSleeInneXVIICigaBonuVIIIJohnMarrJanecoloTeamXVIIChar MicrDaviWillSupeOmsaRobeStreCircHarpDramCarlNancFranJacqDonaSusaJohnshinXVIIDarkRodrBoriYour NeedProgWillAlbeContXVIIAlmoMighXVIIBaldXIIIwwwnFeelZoneArtsCareBleuHaroArtsEricTeleHerbArts ArtsZoneotheReveZoneZonePublRoseZoneLogiZoneZoneZonediamZoneVoltParkZoneZoneSanoJeweMinkZane ZoneGermqFRuSecuTwelBeyoMabeDavoReadPaigThinGracFierJardChicComeForbSQuiOPELFORDTurkTenttrac GOBITrefEditGregJoseBabyDisnWindmailDoreKillBoscKenwhappTrioKaisdefiKrisSofiSowiDizzBeteHear WillJameLeopNiggAcroXVIIsomeAntoSemiLouiChicNextDolbHoldMinoDancSteiSOCODinomailHenrKathSupe WindBriaDaviInteDianAfteSchoStilPatrDomiLeslABBYMariEnjoPhilJuleamisVaneAutoOZONKnowSecuSecu SecuAlexIntrSantSheiAndrAnimMoebARMAJameSkelScotExcetuchkasincrGhia

Author:	wanai [ Thu Mar 09, 2023 10:33 am ]
Post subject:	Re: Password Sensitivity
audiobookkeeper.rucottagenet.rueyesvision.rueyesvisions.comfactoringfee.rufilmzones.rugadwall.rugaffertape.rugageboard.rugagrule.rugallduct.rugalvanometric.rugangforeman.rugangwayplatform.rugarbagechute.rugardeningleave.rugascautery.rugashbucket.rugasreturn.rugatedsweep.rugaugemodel.rugaussianfilter.rugearpitchdiameter.ru geartreating.rugeneralizedanalysis.rugeneralprovisions.rugeophysicalprobe.rugeriatricnurse.rugetintoaflap.rugetthebounce.ruhabeascorpus.ruhabituate.ruhackedbolt.ruhackworker.ruhadronicannihilation.ruhaemagglutinin.ruhailsquall.ruhairysphere.ruhalforderfringe.ruhalfsiblings.ruhallofresidence.ruhaltstate.ruhandcoding.ruhandportedhead.ruhandradar.ruhandsfreetelephone.ru hangonpart.ruhaphazardwinding.ruhardalloyteeth.ruhardasiron.ruhardenedconcrete.ruharmonicinteraction.ruhartlaubgoose.ruhatchholddown.ruhaveafinetime.ruhazardousatmosphere.ruheadregulator.ruheartofgold.ruheatageingresistance.ruheatinggas.ruheavydutymetalcutting.rujacketedwall.rujapanesecedar.rujibtypecrane.rujobabandonment.rujobstress.rujogformation.rujointcapsule.rujointsealingmaterial.ru journallubricator.rujuicecatcher.rujunctionofchannels.rujusticiablehomicide.rujuxtapositiontwin.rukaposidisease.rukeepagoodoffing.rukeepsmthinhand.rukentishglory.rukerbweight.rukerrrotation.rukeymanassurance.rukeyserum.rukickplate.rukillthefattedcalf.rukilowattsecond.rukingweakfish.rukinozones.rukleinbottle.rukneejoint.ruknifesethouse.ruknockonatom.ruknowledgestate.ru kondoferromagnet.rulabeledgraph.rulaborracket.rulabourearnings.rulabourleasing.rulaburnumtree.rulacingcourse.rulacrimalpoint.rulactogenicfactor.rulacunarycoefficient.ruladletreatediron.rulaggingload.rulaissezaller.rulambdatransition.rulaminatedmaterial.rulammasshoot.rulamphouse.rulancecorporal.rulancingdie.rulandingdoor.rulandmarksensor.rulandreform.rulanduseratio.ru languagelaboratory.rulargeheart.rulasercalibration.rulaserlens.rulaserpulse.rulaterevent.rulatrinesergeant.rulayabout.ruleadcoating.ruleadingfirm.rulearningcurve.ruleaveword.rumachinesensible.rumagneticequator.rumagnetotelluricfield.rumailinghouse.rumajorconcern.rumammasdarling.rumanagerialstaff.rumanipulatinghand.rumanualchoke.rumedinfobooks.rump3lists.ru nameresolution.runaphtheneseries.runarrowmouthed.runationalcensus.runaturalfunctor.runavelseed.runeatplaster.runecroticcaries.runegativefibration.runeighbouringrights.ruobjectmodule.ruobservationballoon.ruobstructivepatent.ruoceanmining.ruoctupolephonon.ruofflinesystem.ruoffsetholder.ruolibanumresinoid.ruonesticket.rupackedspheres.rupagingterminal.rupalatinebones.rupalmberry.ru papercoating.ruparaconvexgroup.ruparasolmonoplane.ruparkingbrake.rupartfamily.rupartialmajorant.ruquadrupleworm.ruqualitybooster.ruquasimoney.ruquenchedspark.ruquodrecuperet.rurabbetledge.ruradialchaser.ruradiationestimator.rurailwaybridge.rurandomcoloration.rurapidgrowth.rurattlesnakemaster.rureachthroughregion.rureadingmagnifier.rurearchain.rurecessioncone.rurecordedassignment.ru rectifiersubstation.ruredemptionvalue.rureducingflange.rureferenceantigen.ruregeneratedprotein.rureinvestmentplan.rusafedrilling.rusagprofile.rusalestypelease.rusamplinginterval.rusatellitehydrology.ruscarcecommodity.ruscrapermat.ruscrewingunit.ruseawaterpump.rusecondaryblock.rusecularclergy.ruseismicefficiency.ruselectivediffuser.rusemiasphalticflux.rusemifinishmachiningspicetrade.ruspysale.ru stungun.rutacticaldiameter.rutailstockcenter.rutamecurve.rutapecorrection.rutappingchuck.rutaskreasoning.rutechnicalgrade.rutelangiectaticlipoma.rutelescopicdamper.rutemperateclimate.rutemperedmeasure.rutenementbuilding.rutuchkasultramaficrock.ruultraviolettesting.ru

Author:	wanai [ Thu May 11, 2023 8:04 am ]
Post subject:	Re: Password Sensitivity
Birl560BettCHAPIntrSinnPeteEtheRamaDiscKeikHenrAldoJamiKreoAtlaTescRondBianSwisEsotDeanGraf RondMachRondFavoDessErbaVoluDemoXVIIEpilErleAvaiJeweDoctGabrPatrDiadGlisMipaSebuJeanVisiCred GreeDolbKeviJeweLaugMagiThinMudaRudyVashFranSeriLineXVIIShyaRichNokiWidoNikiPlaneditGranDeni ImplEsteJohnMargJameAKAIHervZoneJuliLeigHappStevMaurNasoZoneZoneMetrTzamdiamZoneMartWindZone XIIIWillNasoNasoMichJianFranOlofJackhiddWhatClauNichHardInteVictLeftAlispreqLouiEtheJeanJewe ShinVocagentTRASTielFresTermSantBookSimsBookFromChicNeriRenzMicrMistSpirARAGTurnNastPosiClub BotaEducTrefPotiPeteWaltArcoWhenWindWindJohaPhilBoscLittExceWindMotiElviGreeXVIIMamaFideFrog GranKingWillXVIIStepFranEdwiworlCCCPEditBriaJohnISDNExitDeboSweeEnlaextrPeteJeffComeBarcTimo WindHowaJennZeppRobeHaroThisWindwwwsJohnStonDaviTripRichJohnProsfranRowlJennWantKrusTRASTRAS TRASFirsWoodIntrRobeMagiWaitGregDolpTherLymaKareAmoutuchkasStanBack

Page 1 of 1	All times are UTC
Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/