Vulnerability Development mailing list archives

Plain text password for Microsoft (icwip.dun)

From: Steven Jones <bigpoop () clara co uk>
Date: Tue, 09 Jul 2002 12:27:15 +0100

24 june 2002
------------

Username, password + free phone number for microsoft (distributed with 
IE 5 + 6)
------------------------------------------------------------------------
--------
Discovered By: Big poop root () NetworkPenetration com


Untested: IE 4
          Mac versions of IE


Vulnerable Files
----------------
icwip.dun, icwx25a.dun, icwx25b.dun, icwx25c.dun 
The above files contain a username and password stored in plaintext for 
microsoft.com (found 19/june/2002)

phone.icw - contains numerous free phone numbers for above user name 
and password


Other vulnerable files not installed but sometimes downloaded from ISP'
s 
------------------------------------------------------------------------

*.isp / *.ins - The internet communication setting file also stores 
user name and passwords in plain text (well known fact, i'm probably 
not the first to notice this)


Details
-------

When a user wishes to access the internet but doesn't have a specific 
ISP in mind a user a can use microsofts connection wizzard to download 
a list of ISPs. This wizzard dials to a free phone number stored in 
phone.icw and then uses one of the icw*.dun files to authenicate itself 
to the network (depending on where in the world you are depends on 
which icw*.dun dile is used) Under normal circumstances the connection 
wizzard connects to ispreferals.microsoft.com (207.46.152.15) and 
downloads a list of local ISP's via series of cab files stored in 
various 4 letter directories on the server. The username stored in the 
icw*.dun file is "icw5 () gn microsoft com" and the password is "icw5". 
One of the dial up servers connected to was tnt59.lnd1.uk.uudial.net. 
As you can see this is not a microsoft machine but it does allow you to 
access various microsoft machines. (If you are in the UK you connect to 
the science park in Cambridge, one of Microsofts research centers). 

Recommendations
---------------
Store passwords in an encrypted form

--
Big Poop
root () NetworkPenetration com

Current thread:

Plain text password for Microsoft (icwip.dun) Steven Jones (Jul 09)
- Re: Plain text password for Microsoft (icwip.dun) Roland Postle (Jul 09)
- Re: Plain text password for Microsoft (icwip.dun) Knud Erik Højgaard (Jul 09)
  - Re: Plain text password for Microsoft (icwip.dun) Roland Postle (Jul 09)
    - Re: Plain text password for Microsoft (icwip.dun) Knud Erik Højgaard (Jul 09)
    - Re: Plain text password for Microsoft (icwip.dun) hellNbak (Jul 09)
    - Re: Plain text password for Microsoft (icwip.dun) Valdis . Kletnieks (Jul 09)
    - Re: Plain text password for Microsoft (icwip.dun) hellNbak (Jul 09)
    - Re: Plain text password for Microsoft (icwip.dun) Blue Boar (Jul 09)
    - Palladium dullien (Jul 10)
    - Malicious COM Surrogates Jason Coombs (Jul 29)

(Thread continues...)