
Eurocontrol password change email

Yes, although funnily enough 10+ years ago few people would have complained about getting their password in an email. Everybody has become really sensitive and reactive. Well, reasonably so IMHO in this case. At work we have a new VOIP phone system. There is a hack attempt on the phones roughly every 0.5 of a second… and a friend of mine lost a few k when his VOIP system got hacked.

Just Culture is about not punishing mistakes/errors (note that the UK doesn’t apply it to GA pilots) but this is not something which JC would address; it is a deep organisational/cultural issue within Eurocontrol, not some single person’s error.

They have always struggled with the idea of “security”. For many years the login on the EAD website was just a fake login. All the content was freely accessible directly if you had the URLs. Someone I know wrote a program which grabbed the entire site. It was going to be marketed, for making your own copy of the AIP database.

Administrator
Shoreham EGKA, United Kingdom

Cobalt wrote:

storing unhashed passwords

I don’t want to defend Eurocontrol, but let’s stick with the facts:
. First of all we don’t know if they store unhashed passwords – we just know the email that could also be generated directly by the webserver when entering the new credentials and the password could well be stored as hash.
. Yes, sending passwords in plaintext as emails is bad practice but not as uncommon and out of this world as many here pretend. Unfortunately many institutions/companies still do that (and think it is secure because they send password and login in two separate emails). When evaluating that one always also needs to look at the sensitivity of the information which is actually accessed with that password. And as it has been written before: The information we are talking about here is mainly public anyways and in any case not very sensitive.
. If users use the same or similar passwords for different platforms, it is “gross incompetence” and a behaviour from 15 years ago, indeed – but nothing we can blame Eurocontrol for. The operator of a specific system can always see my password in plain text – and within the operator organization there are even with the best managed security practice always at least 5 people who would have legit access to them and could abuse it.

Overall: Yes, Eurocontrol obviously made a mistake but no, this is not the end of the world. Shouldn’t happen but “let’s keep the church in the village”
(;-) another German quote meaning “Let’s keep things in proportion”; unfortunately don’t know a catchy English phrase for that ;-) )

Germany

Let’s not make a mountain out of a mole hill

EHLE / Lelystad, Netherlands, Netherlands

That’s a good one, yes

First of all we don’t know if they store unhashed passwords – we just know the email that could also be generated directly by the webserver when entering the new credentials and the password could well be stored as hash.

I suspect not. In normal practice, the browser sends the login+pwd to the server and the server should immediately hash the pwd and compare it with the stored hash. The fact that an email is being generated with the pwd suggests that the pwd is stored in the user database. And for sure it will be in the server log… But it may not be, i.e. you may well be right. But then it would be a really weird point at which to generate an email, containing the password “which you are not otherwise storing”.

Indeed someone with root access can install a piece of code to grab a copy of the credentials the moment they arrive, but if your system is penetrated to that extent, you’ve had it anyway.

I don’t know why Eurocontrol even have a login. They could just use a google captcha to block the bots…

Administrator
Shoreham EGKA, United Kingdom

Peter wrote:

They could just use a google captcha to block the bots…

That would make much more sense – but sense is often not taken into account.

EHLE / Lelystad, Netherlands, Netherlands

Peter wrote:

In normal practice, the browser sends the login+pwd to the server and the server should immediately hash the pwd and compare it with the stored hash.

Now it’s getting a bit technical.

First of all, we are not talking about the login process but about the pwd change process. In this case, there always needs to be some degree of plaintext processing, like checking that no illegal characters are used, if the pwd fulfills the conventions (e.g. length, use of #, special chars, etc.). While theoretically possible, I haven’t even seen an implementation that checks if you have entered the same password twice (in cases where you have to enter it twice to avoid locking yourself out of the system by a typo when changing pwds) with the hash rather than the plaintext – wouldn’t make any sense as you have to do some plaintext processing anyways.
Adding some salt and pepper also has to be done in plaintext.

Even at the login there is some plaintext processing required like adding salt and pepper, changing case if pwd should not be case sensitive, checking for illegal characters, etc.

Finally: Don’t know how you log your servers, but on mine there is never the full text of any email sent in the server log…

Germany
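
The flow discussed in the posts above, as an added example that is not part of the original thread and not Eurocontrol's or EuroGA's code: a password change that does its plaintext checks in memory, stores only a salted and peppered hash, and sends a notification without the password. The pepper value, the policy limits, the `USERS` table and the address are constructed assumptions.

```python
import hashlib
import hmac
import secrets

PEPPER = b"constructed-demo-pepper"   # assumption: a real pepper lives outside the user DB
USERS = {}                            # constructed in-memory stand-in for the user table

def hash_password(password: str, salt: bytes) -> bytes:
    # Pepper with HMAC, then stretch with salted PBKDF2; only this output is stored.
    peppered = hmac.new(PEPPER, password.encode("utf-8"), hashlib.sha256).digest()
    return hashlib.pbkdf2_hmac("sha256", peppered, salt, 600_000)

def check_policy(password: str, confirm: str):
    # Plaintext checks happen in memory, before hashing; nothing is persisted here.
    if password != confirm:
        return "entries do not match"
    if len(password) < 10:
        return "too short"
    if any(ord(ch) < 32 for ch in password):
        return "illegal character"
    return None

def change_password(user: str, password: str, confirm: str) -> str:
    error = check_policy(password, confirm)
    if error:
        raise ValueError(error)
    salt = secrets.token_bytes(16)
    USERS[user] = {"salt": salt, "hash": hash_password(password, salt)}
    # The notification reports the event only; the password is never echoed back.
    return (f"To: {user}\nSubject: Password changed\n\n"
            "Your password was changed. If this was not you, contact support.")

def login(user: str, password: str) -> bool:
    record = USERS.get(user)
    if record is None:
        return False
    candidate = hash_password(password, record["salt"])
    # Constant-time comparison of the recomputed hash with the stored one.
    return hmac.compare_digest(candidate, record["hash"])

if __name__ == "__main__":
    pw = "correct horse battery"      # constructed sample password
    print(change_password("pilot@example.org", pw, pw))
    print(login("pilot@example.org", pw))
```
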

EuroGA emails (about fly-ins etc) are done separately, not anything to do with the server. Notifications come from the server but they don’t contain any “information” as such.

And we don’t store passwords anywhere.

Administrator
Shoreham EGKA, United Kingdom

Another comment on the difference between airspace busting and e-mailing passwords in the clear.

A pilot flying is part of the air traffic system. A system should be designed so that component faults should be prevented or tolerated. So if a pilot infringes it should primarily be seen as a systems failure.

Compare with software. Bugs are faults in software. A software development organisation should have a quality control system in place to make sure that bugs are detected and corrected. If software is shipped with bugs, you don’t go after the developer who wrote the buggy lines of code — you go after the company for not having had a proper QA system.

If sending the password in the clear was the result of a bug, then the comparison with aviation just culture would have been apt. But it can’t in any reasonable way have been caused by a bug – it must have been caused by a conscious design decision.

ESKC (Uppsala/Sundbro), Sweden
18 Posts