Vulnerability Development mailing list archives

Re: Timbuktu32

From: root () RGFSPARC CR USGS GOV (Robert G. Ferrell)
Date: Tue, 5 Oct 1999 08:08:49 -0500

Here's a few bits of weirdness I've noticed with Timbuktu.

 Someone sent an internal email
noting that the passwords would show up.  I.e. if someone had connected to
your machine, and you pulled up the app after, there was their password
showing in the clear.....I think it was build 635 that did this.


For further elucidation, here's the transcript of a message I sent to Netopia
about this issue back in May:

=========================================================================

 Original Message (05/04/99 at 07:37:14):
 System: Micron GoBook2  Pentium II 96 MB RAM
 OS: Windows 98  (4.10)
 3Com Megahertz LAN + 56K Modem PC Card
 RE:    Timbuktu Pro 32, build 503

 Whenever I start Timbuktu, in the TCP/IP tab the first TCP/IP Address entry
 is always my Windows Client logon password, in plain text.  I've tracked this
 to  HKEY_LOCAL_MACHINE\Software\Netopia\Timbuktu Pro\NetPlaces in the
 registry and removed it, but it comes right back the next time I reboot, even
 if I don't logon to the machine as myself.  I've never entered this as an "IP
 address'  when connecting to remote systems; in fact, I use IP addresses
 exclusively (no hostnames).  I'm a  little concerned about this as a
 possible security risk.

 Thanks for you attention.

From:   Ask_Netopia () netopia com <mailto:Ask_Netopia () netopia com>
[SMTP:Ask_Netopia () netopia com] <mailto:[SMTP:Ask_Netopia () netopia com]>
Sent:   Tuesday, May 04, 1999 8:17 PM
To:     Robert G Ferrell,  San Antonio, TX
Subject:        Tech Supp / Timbuktu Pro 32

Hello Robert,

Thanks for your email.
We have resolved this problem with the latest build of Timbuktu Pro 32
(build 650).  You can get a free upgrade to build 650 from our web site:
<http://www.timbuktupro.com/software/tb2/win/upgrades.html
<http://www.timbuktupro.com/software/tb2/win/upgrades.html> >.
Regards,
Lauren

Netopia, Inc.
Netopia Virtual Office and Timbuktu NT, Windows and Mac Software Tech
Support
                EMAIL: techsports () netopia com
<mailto:techsports () netopia com>
WORLD WIDE WEB: <http://www.netopia.com <http://www.netopia.com> >
ANONYMOUS FTP: <ftp://ftp.netopia.com/pub <ftp://ftp.netopia.com/pub> >
                PHONE: 510-814-5000    6:00 a.m. - 5:30 p.m.  PST
                FAX DIRECT: 510-814-5023
FAX BACK SERVER: 510-814-5040    24 hours

Netopia Reference Codes
------------------------
Person#:1318455
Vent#:1691371
Email#:3039657

----------*----------
        
============================================================================

Robert G. Ferrell
Internet Technologist
National Business Center, US DoI
Robert_G_Ferrell () nbc gov
**********************************
**** I hack, therefore I am ******
**********************************

Current thread:

Timbuktu32 Blue Boar (Oct 04)
- <Possible follow-ups>
- Re: Timbuktu32 Robert G. Ferrell (Oct 05)