If it makes you feel any better, you're not alone. Would be a few more hoops to jump through to connect it to me, but as far as I know my company is the only customer left using this particular piece of software. The vebdor let go all their support staff and devs for it over a year ago. It's also highly likely that my company has a significantly customized version of this software.
Files shipped with the client install include functions to not only encrypt passwords (expected) but to decrypt them as well. If anyone got into the users table of the db it's all over.
Edit: Also to be fair, I don't truly know if this would be considered a problem. If someone has the users table you're probably fucked in a lot of other ways too.
If it makes you feel any better, you're not alone. Would be a few more hoops to jump through to connect it to me, but as far as I know my company is the only customer left using this particular piece of software. The vebdor let go all their support staff and devs for it over a year ago. It's also highly likely that my company has a significantly customized version of this software.
Files shipped with the client install include functions to not only encrypt passwords (expected) but to decrypt them as well. If anyone got into the users table of the db it's all over.
Edit: Also to be fair, I don't truly know if this would be considered a problem. If someone has the users table you're probably fucked in a lot of other ways too.