Bugtraq mailing list archives
Password problem in Trumpet Winsock.
From: null () WEB PIEDMONT EDU (null)
Date: Sun, 6 Apr 1997 16:39:27 -0400
I've known of this bug for over a year and a half now, and am tired of waiting to see if Trumpet will ever fix it. It is possible to open trumpwsk.ini, take the encrypted string for the $password= variable, and place it in the ppp-username= variable. This allows one to start up tcpman.exe, go to File > PPP Options and get the user's password.

Impact: You may say 'What does this have to do with me, I use UNIX?', and the answer is, anyone can gain access to your system if one of your users uses TWSK. TWSK is the most commonly used TCP/IP stack for Windows 3.x and is also used by many Windows95/NT users. This 'bug' works on all versions and can lead to serious compromising of security. All one needs is access to a user's machine. One can do computer work for a user (or just drop by while they're not home or at work), steal their ISP info, and then have access to your machine. They can then do a variety of things: probe for local bugs to exploit, initiate denial of service tactics (i.e. icmp flooding), get a member's account canceled, etc.

Hopefully Trumpet will change their encryption scheme, and make no variable convertible to clear text in the application, or if needed, at least use separate encryption schemes for them.

-null aka Mark Baker (security consultant and part time chainsaw-tofu artist)
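The mitigation the post asks for, separate encryption per variable, can be done by deriving a distinct key for each field name, so a value copied from `$password=` into `ppp-username=` fails authentication instead of decrypting. This is an added example, not part of the original post or Trumpet's code; the master key, the HMAC-based construction and every function name are assumptions.

```python
import hashlib
import hmac
import os

# Field names are the ones in the post; the master key, the HMAC-based
# construction and all function names are assumptions for illustration.

def _subkey(master, purpose, field):
    """Derive a key unique to one purpose and one ini field."""
    return hmac.new(master, purpose + b"|" + field.encode(), hashlib.sha256).digest()

def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode, an illustrative stream generator."""
    blocks = range((length + 31) // 32)
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in blocks)[:length]

def _tag(master, field, data):
    """Authentication tag keyed to the field the value belongs to."""
    return hmac.new(_subkey(master, b"mac", field), data, hashlib.sha256).digest()

def seal(master, field, plaintext):
    """Encrypt-then-MAC a value under keys bound to `field`; returns hex."""
    nonce = os.urandom(16)
    stream = _keystream(_subkey(master, b"enc", field), nonce, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    return (nonce + ct + _tag(master, field, nonce + ct)).hex()

def unseal(master, field, blob_hex):
    """Decrypt a value only if it was sealed for this exact field."""
    blob = bytes.fromhex(blob_hex)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if len(blob) < 48 or not hmac.compare_digest(tag, _tag(master, field, nonce + ct)):
        raise ValueError(f"value was not sealed for field {field!r}")
    stream = _keystream(_subkey(master, b"enc", field), nonce, len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))

def swap_is_rejected(master, secret):
    """Copy the sealed $password value into ppp-username, as in the post."""
    ini = {"$password": seal(master, "$password", secret)}
    ini["ppp-username"] = ini["$password"]
    try:
        unseal(master, "ppp-username", ini["ppp-username"])
    except ValueError:
        return True
    return False
```

Field binding only stops the copy-and-display trick; a key stored on the same machine as the ini file still has to be protected separately.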