Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Microsoft Access 97 Stores Database Password as Plaintext

From: milton () ISOMEDIA COM (Stephen M. Milton)
Date: Mon, 8 Feb 1999 13:34:38 -0800

The following text was posted to USENET, and indexed on a Russian cypherpunk
site.  I found it when I was doing some work with Access 97 databses.  I
think you will agree that this particular "feature" makes the linked
database password issue moot.


Subject:      Re: MS Access 2.0
From:         adam () homeport org (Adam Shostack)
Date:         1998/06/23
Message-ID:   <199806231244.IAA04637 () homeport org>
Newsgroups:   ailab.coderpunks
[More Headers]                                           [Image]
[Subscribe to ailab.coderpunks]

       Part of doing research is to ensure you're not re-inventing
the wheel before you start doing hard work.  I'm perfectly happy to
have Mike ask questions about this stuff; the answers are often
enlightening to the rest of us.

  Anyway, Access97 passwords are stored in the 13 bytes from offset
0x42 in a .mdb file.  Do a bitwise XOR with 0x86, 0xFB, 0xEC, 0x37,
0x5D, 0x44, 0x9C, 0xFA, 0xC6, 0x5E, 0x28, 0xE6, 0x13 to recover the
plaintext.  I think that if the first byte is 0x86, the password is
not checked.

Adam


Stephen M. Milton
System Administrator
ISOMEDIA, Inc.
Previous By Date Next
Previous By Thread Next

Current thread: