Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Bios Information Leakage
From: Ron van Daal <ronvdaal () n1x nl>
Date: Fri, 16 Dec 2005 10:33:21 +0100 (CET)

On Tue, 13 Dec 2005, Jonathan Brossard wrote:

The two following techniques were pretty common under MS DOS several years
ago (see the "Bios Companion" [4] for instance).
It made use of debug to access physical ports. Under Linux, this
requires special permissions that are given using ioperm.

The main idea to reset CMOS is to make the checksum fail.

To make the CMOS checksum fail in the 'good old DOS days' I just typed a
file to CLOCK$ which caused the CMOS to be partly overwritten, disabling
the BIOS password checks.

I agree with you on the fact that plaintext password storage is outdated.

Kind regards,

Ron van Daal
The Netherlands

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]