Bugtraq mailing list archives
Re: Password Hole Found In Webshots
From: "Ian Nguyen" <inguyen () netspace net au>
Date: Fri, 13 Dec 2002 09:50:58 +1100
Confirmed. As it is, I don't think Webshots offers much in the way of securing a user's desktop even though it has the password protection feature. But it is just that, a screensaver, which just display pretty images. I think what Brian is trying to say here is if you want to lock your desktop, use Windows' Ctrl+Alt+Del function instead. Ian ----- Original Message ----- From: "Brian Carpenter" <brian.carpenter () wosc edu> To: <bugtraq () securityfocus com> Sent: Friday, December 13, 2002 5:33 AM Subject: Password Hole Found In Webshots
I have descovered a hole in the webshots screensave program. On either a Win2K or xp machine that has it installed you can bypass the password on the screen saver by pressing Ctrl+Alt+Del wich brings up the Windows box that contains logout lockcomputer shutdown ect: Then you will hit cancel and boom you are at the desktop with all the permisions the previous user had. If you have windows password locking the screen saver you are able to Ctrl+Alt+Del and then go to taskmanger and end the screen saver thus bringing you back to the desktop. This works with both webshots password set up and the windows password setup on the computer. As long as webshots is used the hole is there.
Current thread:
- Password Hole Found In Webshots Brian Carpenter (Dec 12)
- Re: Password Hole Found In Webshots Ian Nguyen (Dec 12)