[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Sago Networks allows use of root passwords in clear text channels

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Sago Networks allows use of root passwords in clear text channels
From: Scott Edwards <supadupa@xxxxxxxxx>
Date: Mon, 14 Mar 2005 03:02:55 -0700

Sago Networks [www.sagonet.com], is a hosting provider for dedicated
and colocated servers, including other various internet related
services. The ticketing system does not collect trouble ticket data
over SSL.  Furthermore, trouble ticket information requests a
root/admin password when working on the server.  This password is
passed in the clear over plain http (not ssl, eg https enabled).  This
same root/admin password is also sent to the customer in an email upon
opening of the ticket.

considering the poor service I've had with this company, nearly since
day one, I have little alternative, but to switch providers.  Consider
this a recommendation to NOT use them if at all possible.

Thank you,


Scott Edwards
-- 
Daxal Communications - http://www.daxal.com
Surf the USA - http://www.surfthe.us
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://www.secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Sago Networks allows use of root passwords in clear text channels
  - From: Thorsten Holz

Prev by Date: [Full-disclosure] Analysis of CherryOS and PearPC code
Next by Date: Re: [Full-disclosure] Sago Networks allows use of root passwords in clear text channels
Previous by thread: Re: [Full-disclosure] Analysis of CherryOS and PearPC code
Next by thread: Re: [Full-disclosure] Sago Networks allows use of root passwords in clear text channels
Index(es):
- Date
- Thread