Bugtraq mailing list archives

Re: 13 tiny bytes to show the huge sillyness of our great common

From: tpeland () TKUKOULU FI (Tero Pelander)
Date: Thu, 22 Oct 1998 11:43:04 +0300


On Wed, 21 Oct 1998, bt398 wrote:

Microsoft did it the other way. The function returns the uncrypted password
to a buffer (... no comment).

Indeed, this is not _big_ deal but if a user has access to your computer
after you logged then he can easily retrieve your password.. And I am sure
that a lot of people uses the same password for their mail and their
windows password (so it is somewhat a security problem). I attached a small
program that prompts the password of the user (you must have logged in
first); this only work on Windows for Workgroup 3.11 and Windows 95
(Windows 98 and Windows NT are not affected -hopefully-).

[cachepig.zip removed]

NT (4.0 SP3+hotfixes) isn't affected, 98 is affected

Current thread:

13 tiny bytes to show the huge sillyness of our great common bt398 (Oct 21)
- Re: 13 tiny bytes to show the huge sillyness of our great common Tero Pelander (Oct 22)
- bof in sdtcm_convert (Solaris 2.5) Joel Eriksson (Oct 23)
- buffer overflow vulnerability in netscape 3.0 to 4.5 Paul Boehm (Oct 23)
  - Re: buffer overflow vulnerability in netscape 3.0 to 4.5 Paul Boehm (Oct 23)