Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: BugTraq: EFS Win 2000 flaw
From: Alexander Ivanchev <ai () BULINFO NET>
Date: Sat, 20 Jan 2001 02:11:02 +0100

Hello.

Correct me if I'm wrong, but the use of programs that utilize direct disk
access (such as DiskProbe) is restricted to the Local Administrator
account (as per
http://www.microsoft.com/windows2000/guide/professional/solutions/manageme
nt.asp). If an would be attacker has this kind of access, he automatically
has the sufficient power (due to the existence of the recovery agent
certificate, unless the computer is part of a domain (but that's another
story) to decrypt any locally stored file.

Nevertheless good work. This particular behavior of handling .tmp files by
the EFS code shows some poor design on Microsoft's part.

Regards,
 Alexander

-----Original Message-----
From: Bugtraq List [mailto:BUGTRAQ () SECURITYFOCUS COM]On Behalf Of
Rickard Berglind
Sent: Friday, January 19, 2001 12:30
To: BUGTRAQ () SECURITYFOCUS COM
Subject: BugTraq: EFS Win 2000 flaw


I have found a major problem with the encrypted filesystem
( EFS ) in Windows 2000 which shows that encrypted files
are still very available for a thief or attacker.

<snip>

Attachment: smime.p7s
Description:


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]