In the spring of 2009, the [http://www.security.vt.edu/ IT Security Office] and DyKnow were alerted that the login process was unsafe. Passwords were being sent over the wire as an [[w:MD5|MD5 hash]] with a static [[w:Salt (cryptography)|salt]] and symmetrically encrypted with [[w:Advanced Encryption Standar|AES]], while the salted MD5 hash is invulnerable to [[w:Rainbow table|precomputation attacks]], the symmetric encryption was performed with key information shared between all clients, allowing for simple decryption if the traffic could be intercepted. Within a month the issue was worked around. Users were instructed to enable SSL for transactions and unencrypted access to the server was shut off. No response from DyKnow is known of.