Bugtraq mailing list archives
Re: Microsoft Access 97 Stores Database Password as Plaintext
From: marillal () nampak co za (Allan Marillier)
Date: Fri, 5 Feb 1999 09:20:29 +0200
Did you read all the steps involved in recreating this? It _does_ work. See steps 7 and 8 in the original message: Create a NEW mdb, and link it to the original. The password _is_ stored in the newly created file in plain text. The origianl message said that the password is stored in the second file. No claim was made that it is in the original. The point being made was not that passwords in a single mdb are at risk, but that an mdb that links to a password protected file places the original at risk. Ricardo Peres wrote:
Hello, I have several password-protected MS Access databases, and *none* of them has it's password stored as plain text... Your exploit never worked!
<snip>
Microsoft Access 97 databases protected with a password are stored in foreign mdb's table attachements as plaintext. This can be accessed
^^^^^^^^^^^ <snip>
7. Create another mdb 8. From the File Menu, select Get External Data, and click Link Tables.... Select the passworded mdb and then select the table you created. 9. Exit Access 10. Perform a strings+grep on the 2nd mdb to reveal the password.
Current thread:
- Re: Microsoft Access 97 Stores Database Password as Plaintext Paul Leach (Feb 04)
- <Possible follow-ups>
- Re: Microsoft Access 97 Stores Database Password as Plaintext Donald Moore (Feb 04)
- Re: Microsoft Access 97 Stores Database Password as Plaintext Allan Marillier (Feb 04)
- Re: Microsoft Access 97 Stores Database Password as Plaintext Kehoe, Anthony (Feb 05)
- FW: Microsoft Access 97 Stores Database Password as Plaintext Eric Stevens (Feb 05)
- Re: Microsoft Access 97 Stores Database Password as Plaintext Fernald, Brian (Feb 05)
- Re: Microsoft Access 97 Stores Database Password as Plaintext Sozni (Feb 05)
- Re: Microsoft Access 97 Stores Database Password as Plaintext Ervin Fried (Feb 05)
- Re: Microsoft Access 97 Stores Database Password as Plaintext sozni () USA NET (Feb 08)
- Pine _again_ :) Chris Evans (Feb 08)
- Re: Microsoft Access 97 Stores Database Password as Plaintext Stephen M. Milton (Feb 08)
- Re: Microsoft Access 97 Stores Database Password as Plaintext Jim Paris (Feb 09)
- Re: Microsoft Access 97 Stores Database Password as Plaintext Jim Paris (Feb 09)