Bugtraq mailing list archives
Re: BugTraq: EFS Win 2000 flaw
From: Alexander Ivanchev <ai () BULINFO NET>
Date: Sat, 20 Jan 2001 02:11:02 +0100
Hello.

Correct me if I'm wrong, but the use of programs that utilize direct disk access (such as DiskProbe) is restricted to the Local Administrator account (as per http://www.microsoft.com/windows2000/guide/professional/solutions/management.asp). If a would-be attacker has this kind of access, he automatically has sufficient power (due to the existence of the recovery agent certificate, unless the computer is part of a domain (but that's another story)) to decrypt any locally stored file.

Nevertheless, good work. This particular behavior of handling .tmp files by the EFS code shows some poor design on Microsoft's part.

Regards,
Alexander

-----Original Message-----
From: Bugtraq List [mailto:BUGTRAQ () SECURITYFOCUS COM] On Behalf Of Rickard Berglind
Sent: Friday, January 19, 2001 12:30
To: BUGTRAQ () SECURITYFOCUS COM
Subject: BugTraq: EFS Win 2000 flaw

I have found a major problem with the encrypted filesystem (EFS) in Windows 2000 which shows that encrypted files are still very available for a thief or attacker.

<snip>