Full Disclosure mailing list archives
Re: Nortel VPN Client Issue: Clear-text password stored in memory
From: Burak DAYIOGLU <dayioglu () metu edu tr>
Date: Tue, 22 Mar 2005 23:34:22 +0200
Roy,I read your advisory regarding the Norvel VPN client. If I am not mistaken, the authentication keys are stored in the registry hive HKEY_CURRENT_USER (per user key stores).
If it is so, you should start the VPN client as the victim user to attack the process memory image (or else you have to be administrator).
Am I missing something? regards, -bd _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Nortel VPN Client Issue: Clear-text password stored in memory Roy Hills (Mar 22)
- <Possible follow-ups>
- Re: Nortel VPN Client Issue: Clear-text password stored in memory Burak DAYIOGLU (Mar 22)