In the spring of 2009, the [http://www.security.vt.edu/ IT Security Office] and DyKnow were alerted that the login process was unsafe. Passwords are sent by DyKnow over the wire as an [[w:MD5|MD5 hash]] with a static [[w:Salt (cryptography)|salt]] and symmetrically encrypted with [[w:Advanced Encryption Standar|AES]]. While the salted MD5 hash is invulnerable to standard [[w:Rainbow table|precomputation attacks]], the symmetric encryption was performed with key information shared between all clients, allowing for simple decryption if the traffic can be intercepted. Within a month of notification, the issue was worked around at Virginia Tech. Users were instructed to enable SSL for transactions and unencrypted access to the server was shut off. No response from DyKnow on this issue is known of.