• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 311
  • Last Modified:

passwords in clear text sent through ssl

if passwords are sent in clear text but through ssl, would someboy sniffing the packets be able to optain the password?
0
maboisvert
Asked:
maboisvert
1 Solution
 
Rich RumbleSecurity SamuraiCommented:
It is possible, if they see the entire stream from the beginning, but it's not worth the time... if they did not sniff the connection when it was 1st established.
http://wiki.wireshark.org/SSL
But after the stream is going, i.e. after the handshake, then it's very very very(infinity) remote. Man in the middle attacks don't work well on SSL/TLS but you could sniff the traffic and not manipulate it and gain information.
-rich
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now