Bugtraq mailing list archives
Re: Netware + Win95 issue
From: melson () SCNC HOLT K12 MI US (Paul Melson)
Date: Tue, 8 Apr 1997 13:56:34 -0400
Hi There seems to be serious security flaw in win95 dealing with novell netware passwords. It's trivial to find netware password in win95 swap file by just scanning the hard disk for USERNAME (with some disk editor) The only solution I have found is to disable virtual memory, but this is not a SOLUTION, because lot of programs just do not work without it... btw. I'm talking about MS netware client (not aware if this flaw is present in Novell client32)
By default, this problem is also present in the latest
(July 96) release of NetWare Client32 for Windows 95.
It can be disabled by going into the Network control
panel item, opening the "Novell NetWare Client 32
Properties" dialogue, and disabling the "Cache NetWare
Password" option on the "Advanced Options" page.
Paul
--
_____________________
melson () holt k12 mi us
Current thread:
- Password problem in Trumpet Winsock. null (Apr 06)
- Linux - buffer overflow in filter Mikhail Iakovlev (Apr 06)
- Re: Password problem in Trumpet Winsock. John Sheehy (Apr 06)
- Re: Password problem in Trumpet Winsock. Michael Douglass (Apr 07)
- Netware + Win95 issue Lauri Laupmaa (Apr 07)
- Re: Netware + Win95 issue Paul Melson (Apr 08)
- Another one javascript exploit attempt? Andrew V. Kovalev (Apr 07)
- DUMP of NT system crash Vytautas Vysniauskas (Apr 07)
- Re: Password problem in Trumpet Winsock. Paul Melson (Apr 07)
- BoS: /etc/default/login LOCKOUT= creates arbitrary files (fwd) Illuminati Primus (Apr 07)
- Re: BoS: /etc/default/login LOCKOUT= creates arbitrary files (f Eugene Bradley (Apr 08)
- FreeBSD Security Advisory: FreeBSD-SA-97:03.sysinstall Aleph One (Apr 07)
- CERT Advisory CA-97.09 - Vulnerability in IMAP and POP Aleph One (Apr 07)
- [linux-security] amd 920824upl102 ignores the nodev option Aleph One (Apr 08)