Bugtraq mailing list archives
Re: 13 tiny bytes to show the huge sillyness of our great common
From: tpeland () TKUKOULU FI (Tero Pelander)
Date: Thu, 22 Oct 1998 11:43:04 +0300
On Wed, 21 Oct 1998, bt398 wrote:
Microsoft did it the other way. The function returns the uncrypted password to a buffer (... no comment). Indeed, this is not _big_ deal but if a user has access to your computer after you logged then he can easily retrieve your password.. And I am sure that a lot of people uses the same password for their mail and their windows password (so it is somewhat a security problem). I attached a small program that prompts the password of the user (you must have logged in first); this only work on Windows for Workgroup 3.11 and Windows 95 (Windows 98 and Windows NT are not affected -hopefully-).
[cachepig.zip removed] NT (4.0 SP3+hotfixes) isn't affected, 98 is affected
Current thread:
- 13 tiny bytes to show the huge sillyness of our great common bt398 (Oct 21)
- Re: 13 tiny bytes to show the huge sillyness of our great common Tero Pelander (Oct 22)
- bof in sdtcm_convert (Solaris 2.5) Joel Eriksson (Oct 23)
- buffer overflow vulnerability in netscape 3.0 to 4.5 Paul Boehm (Oct 23)
- Re: buffer overflow vulnerability in netscape 3.0 to 4.5 Paul Boehm (Oct 23)