Bugtraq mailing list archives
FW: Microsoft Access 97 Stores Database Password as Plaintext
From: ejsteven () CS MILLERSV EDU (Eric Stevens)
Date: Fri, 5 Feb 1999 09:03:22 -0500
Apologies, the files were too large to send through Bugtraq, you may go here instead:

http://cs.millersv.edu/~ejsteven/linked.mdb
http://cs.millersv.edu/~ejsteven/protected.mdb

-----Original Message-----
From: Eric Stevens [mailto:ejsteven () cs millersv edu]
Sent: Friday, February 05, 1999 8:53 AM
To: bugtraq () netspace org
Subject: RE: Microsoft Access 97 Stores Database Password as Plaintext

What our friend is saying is that if you File >> Get External Data >> Link Tables [which is something that I use regularly] on a password protected database, the passwords to the protected database are stored in the database that contains the linked tables in plain text.

Attached are two databases, Protected.mdb and Linked.mdb. Their names are self-explanatory. If you text edit the Linked.mdb, you'll quickly discover the unprotected password.

The threat is this: You have a database system set up that may be prone to attack (and ALL general use systems are prone to attack, perhaps by a disgruntled employee) which uses linked tables, and a simple-minded fool could figure out how to gain full access, and place in some malicious code, even if the database that contains the links is protected with a password.

Here's some of the text right from Notepad to your computer:

    C:\My Documents\protected.mdb
    [...about 10 ASCII characters...]
    MS Access;PWD=protected;protected

The passwords to the two databases attached are:

    linked.mdb; linked
    protected.mdb; protected

Eric Stevens
ejsteven () cs millersv edu
Dept. of Computer Science
Millersville University, PA

-----Original Message-----
From: Bugtraq List [mailto:BUGTRAQ () netspace org] On Behalf Of Ricardo Peres
Sent: Thursday, February 04, 1999 4:57 PM
To: BUGTRAQ () netspace org
Subject: Re: Microsoft Access 97 Stores Database Password as Plaintext

Hello,

I have several password-protected MS Access databases, and *none* of them has its password stored as plain text... Your exploit never worked!

Best wishes,

Ricardo Peres
E-mail: rjperes () student dei uc pt
ICQ UIN: 708926
TM: 0931 9459192
Departamento de Engenharia Informática
Universidade de Coimbra
PORTUGAL

On Thu, 4 Feb 1999, Donald Moore (MindRape) wrote:

======================================================================
Title: Microsoft Access 97 Stores Database Password as Plaintext
Date: 02/03/99
Author: Donald Moore (MindRape)
E-mail: damaged () futureone com
======================================================================

Microsoft Access 97 databases protected with a password are stored in foreign mdb's table attachments as plaintext. This can be accessed very easily by issuing a strings and grep operation on the foreign mdb.

Example:

    % strings db1.mdb | grep -i "pwd"
    MS Access;PWD=plaintext;Table2pppppppjI'%
    MS Access;PWD=plaintext;Table1qqqqqqqkJ(&

======================================================================
Impact of Exploit
======================================================================

Having the password allows the secured mdb to be unlocked, giving permission to view database objects, possibly revealing other database connection strings, proprietary source code, tampering of data.

One such commercial database marketed by FMS, Inc., Total VB SourceBook 6.0, can be easily compromised using this method.

======================================================================
How to Recreate
======================================================================

1. Create an mdb
2. Create a Table
3. Reopen the new mdb in exclusive mode
4. From the Tools Menu, select Security and then click Set Database Password
5. Set database password
6. Exit Access
7. Create another mdb
8. From the File Menu, select Get External Data, and click Link Tables... Select the passworded mdb and then select the table you created.
9. Exit Access
10. Perform a strings+grep on the 2nd mdb to reveal the password.

Donald Moore (MindRape)
Email: mindrape () home com
       damaged () futureone com
Damaged Cybernetics
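
An added example, not part of any message in this thread: a defender-side audit that looks for the `MS Access;PWD=` link record described above and reports where it sits and which file it points to, without printing the password. It assumes the record is stored as contiguous single-byte text, as the quoted strings output shows; the function names and the sample bytes are constructed for illustration.

```python
import re
from pathlib import Path

# Pattern taken from the strings/grep output quoted in the thread:
#   MS Access;PWD=<password>;<table name...>
# Assumption: the link record is contiguous single-byte text, as that output shows.
LINK_RE = re.compile(rb"MS Access;PWD=([\x20-\x3a\x3c-\x7e]*);", re.IGNORECASE)
PATH_RE = re.compile(rb"[A-Za-z]:\\[\x20-\x7e]{1,200}?\.mdb", re.IGNORECASE)


def find_embedded_link_passwords(data: bytes):
    """Return one finding per linked-table connect string that embeds a password."""
    findings = []
    for m in LINK_RE.finditer(data):
        # In the Notepad excerpt from the thread the target path sits shortly
        # before the connect string; look back a bounded window for the nearest one.
        window = data[max(0, m.start() - 300):m.start()]
        paths = PATH_RE.findall(window)
        findings.append({
            "offset": m.start(),
            "target": paths[-1].decode("ascii") if paths else None,
            "password_length": len(m.group(1)),  # report length only, never the secret
        })
    return findings


def audit_tree(root):
    """Scan every .mdb under root; return {path: findings} for affected files."""
    report = {}
    for p in Path(root).rglob("*.mdb"):
        hits = find_embedded_link_passwords(p.read_bytes())
        if hits:
            report[str(p)] = hits
    return report


# Constructed sample bytes shaped like the Notepad excerpt in the thread
# (not a real .mdb file).
SAMPLE = (b"\x00\x01C:\\My Documents\\protected.mdb\x00\x07\x02\x00\x10\x00\x03\x00\x00\x09"
          b"MS Access;PWD=protected;protected\x00\x00")

if __name__ == "__main__":
    for finding in find_embedded_link_passwords(SAMPLE):
        print(finding)
```

Any file that `audit_tree` reports holds a recoverable password for the database named in `target`, so that password should be treated as exposed to everyone who can read the linking file.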