Password Interception


Threat
The fact that the username and password were sent in cleartext is a security vulnerability. An
adversary could read Facebook user names and passwords off of the Ethernet or unencrypted wireless
traffic, obtaining access to users' Facebook passwords, as well as any additional accounts they use
those passwords for. Because of the ethical and legal implications of doing so, we did not attempt
to steal passwords. It should be noted, however, that MIT cited password theft as a real problem
when they maintained telnet servers that had login data sent as cleartext. The University of New
Mexico cited this as the main reason they chose to disable Facebook access from their network.
Because many users use their university email passwords as their Facebook passwords, UNM
views Facebook as a security liability for their network.