Home page logo

bugtraq logo Bugtraq mailing list archives

Re: 13 tiny bytes to show the huge sillyness of our great common
From: tpeland () TKUKOULU FI (Tero Pelander)
Date: Thu, 22 Oct 1998 11:43:04 +0300

On Wed, 21 Oct 1998, bt398 wrote:

Microsoft did it the other way. The function returns the uncrypted password
to a buffer (... no comment).

Indeed, this is not _big_ deal but if a user has access to your computer
after you logged then he can easily retrieve your password.. And I am sure
that a lot of people uses the same password for their mail and their
windows password (so it is somewhat a security problem). I attached a small
program that prompts the password of the user (you must have logged in
first); this only work on Windows for Workgroup 3.11 and Windows 95
(Windows 98 and Windows NT are not affected -hopefully-).
[cachepig.zip removed]

NT (4.0 SP3+hotfixes) isn't affected, 98 is affected

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]