Bugtraq mailing list archives

Re: NT WinLogon VM contains plaintext password visible in admin mode

From: mad.nutter () MINDLESS COM (Chris Paget)
Date: Wed, 8 Dec 1999 11:01:38 GMT

I contacted MS about this and they indicated it was fixed in
NT 4.0 SP5 - I have not retested it on SP5 yet to be sure.


This has been fixed under NT4 SP6 - the first 10,000 bytes of the
winlogon process are not accessible, and the rest of the memory space
appears to have nothing interesting in it - all I managed to retrieve
were actual environment variables.  Windows 2000 RC2 is the same - I
have not tested RC3, but I would assume it too is fixed.

Chris

-- 
Chris Paget
C++ Developer - NetInvest LTD.

chris.paget () netinvest co uk

Current thread:

Re: FTP denial of service attack, (continued)
- - Re: FTP denial of service attack Henrik Nordstrom (Dec 07)
    - Re: FTP denial of service attack Darren Reed (Dec 07)
    - Re: FTP denial of service attack Henrik Nordstrom (Dec 07)
    - Re: FTP denial of service attack Darren Reed (Dec 07)
  - Re: FTP denial of service attack Theo de Raadt (Dec 07)
    - Re: FTP denial of service attack Darren Reed (Dec 07)
  - Re: FTP denial of service attack Gregory A Lundberg (Dec 10)
  - RSAREF2 buffer overflow patch Gerardo Richarte (Dec 10)
- Re: new IE5 remote exploit Shane Hird (Dec 07)
- NT WinLogon VM contains plaintext password visible in admin mode Robert Horvick (Dec 07)
  - Re: NT WinLogon VM contains plaintext password visible in admin mode Chris Paget (Dec 08)
- [Debian] New version of sendmail released Aleph One (Dec 07)
- The money: protocol in Internet Explorer Richard M. Smith (Dec 20)
  - Re: The money: protocol in Internet Explorer David Litchfield (Dec 21)
- Remote D.o.S Attack in DNS PRO v5.7 WinNT From FBLI Software Vulnerability Ussr Labs (Dec 20)