Reply
Occasional Visitor
Damian
Posts: 1
Registered: ‎Wed 28-Jul-2010
0

Level of security on user password in iconn.cfg and iconnlocal.cfg

I am currently investigating the method in which we allow users to authenticate against our web update server for Sophos Antivirus, we are currently using Sophos Antivirus 7.6.20.

 

From the clients perspective I notice that the username and password gets stored locally in clear text in the files, even though the password seems to be altered.

 

C:\ProgramData\Sophos\AutoUpdate\Config\iconn.cfg

C:\ProgramData\Sophos\AutoUpdate\Config\iconnlocal.cfg

 

Can you confirm to me what level of level of security is used to secure the password, (Encryption , Hash or Encoding?)

Executive VIP
QC
Posts: 4,318
Registered: ‎Mon 23-Nov-2009
0

Re: Level of security on user password in iconn.cfg and iconnlocal.cfg

Hello Damian,

 

the term for the method used is obfuscation, it is of course reversible and just for hiding the credentials from prying eyes. What is your concern?

 

Christian