Home page logo

bugtraq logo Bugtraq mailing list archives

Re: ... Tiny Personal Firewall ...
From: Scott Nursten <scottn () s2s ltd uk>
Date: Fri, 01 Mar 2002 16:55:40 +0000

Not being au fiat with Windows programming etc., I was wondering if this was
standard practice? Surely if the workstation is locked it's supposed to stop
all I/O? 

Isn't this also an OS related bug? No flames please, it's just a question.



On 28/2/02 2:53 pm, "Andrew Barkley" <andrew.barkley () usa net> wrote:

Hi ...

Scanning hosts running the Tiny Personal Firewall (2.0.15a) on W2K
workstations that have been locked (ctl + alt + del)

The popup alert/dialogue jumps to the foreground, thus open to accept
permit/deny input from the local console, even when the workstations are
locked (ctl + alt + del).  Thus an untrusted individual whom has local access
to individuals workstations can scan a workstation/network, wait for the popup
alert dialogue and enter "permit" on unattended (locked workstations) without
the owners permission/knowledge, No need to first unlock (ctl + alt + del)


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]