mailing list archives
Re: BugTraq: EFS Win 2000 flaw
From: Alexander Ivanchev <ai () BULINFO NET>
Date: Sat, 20 Jan 2001 02:11:02 +0100
Correct me if I'm wrong, but the use of programs that utilize direct disk
access (such as DiskProbe) is restricted to the Local Administrator
account (as per
nt.asp). If an would be attacker has this kind of access, he automatically
has the sufficient power (due to the existence of the recovery agent
certificate, unless the computer is part of a domain (but that's another
story) to decrypt any locally stored file.
Nevertheless good work. This particular behavior of handling .tmp files by
the EFS code shows some poor design on Microsoft's part.
From: Bugtraq List [mailto:BUGTRAQ () SECURITYFOCUS COM]On Behalf Of
Sent: Friday, January 19, 2001 12:30
To: BUGTRAQ () SECURITYFOCUS COM
Subject: BugTraq: EFS Win 2000 flaw
I have found a major problem with the encrypted filesystem
( EFS ) in Windows 2000 which shows that encrypted files
are still very available for a thief or attacker.