RE: Password Hole Found In Webshots - (Webshots Confirmed)

["Shutters, Mike" <mshutters () titan com>]

> From Webshots (confirmed):

-----Original Message-----
From:   support () webshots com [SMTP:support () webshots com]
Sent:   Wednesday, December 18, 2002 9:33 AM
To:     Shutters, Mike
Subject:        Re: Password Hole Found In Webshots [T200212130039]

Hello Mike,

Thank you for contacting Webshots!

Unfortunately the password protection feature within our software is not
very reliable, our engineers are working on improving this feature for our
software.  We suggest that you use the password protection within your
operating system.  I apologize for the inconvenience.

Sincerely,

Belynda
______________________________________________
Customer Support Representative, www.webshots.com

Please include all prior messages in any responses


> -----Original Message-----
> From: Brian Carpenter [SMTP:brian.carpenter () wosc edu]
> Sent: Thursday, December 12, 2002 10:33 AM
> To:   bugtraq () securityfocus com
> Subject:      Password Hole Found In Webshots
>
>       I have descovered a hole in the webshots screensave program. On
> either
> a Win2K or xp machine that has it installed you can bypass the password
> on the screen saver by pressing Ctrl+Alt+Del wich brings up the Windows
> box that contains logout lockcomputer shutdown ect: Then you will hit
> cancel and boom you are at the desktop with all the permisions the
> previous user had. If you have windows password locking the screen saver
> you are able to  Ctrl+Alt+Del and then go to taskmanger and end the
> screen saver thus bringing you back to the desktop.
>
>       This works with both webshots password set up and the windows
> password
> setup on the computer. As long as webshots is used the hole is there.