WatchGuard has been caught doing what a lot of first-timers to access control have done — simply hashing passwords as a means of implementing security — but perhaps all isn’t that bad in the world.
Information security researcher Jérôme Nokin, who runs a blog on all the fun things you can do over IP, found that WatchGuard’s firewall appliances are taking a bit of a shortcut when it comes to storing passwords.
It’s the typical mistake of recognising that storing plain text passwords is a big no-no, but not going any further than simply hashing the password. In WatchGuard’s case, it had been performing an NTLM hash of the password and that’s it.
Most Commented Posts
2020 Cybersecurity Landscape: 100+ Experts’ Predictions
Cyber Security Predictions 2021: Experts’ Responses
Experts’ Responses: Cyber Security Predictions 2023
Celebrating Data Privacy Day – 28th January 2023
Data Privacy Protection Day (Thursday 28th) – Experts Comments
Most Active Commenters
A worrying trend for Australians The Latitude Financial attack clearly…
It is not unusual for companies to keep hold of…
“First of all, it should be praised that Ferrari have…
These findings aren’t very surprising given that unpatched zero-days provide…
These figures from Mandiant highlight how attackers are continuing to…