Vulnerability Development mailing list archives
Vulnerability in winzip password protection ?
From: Kerozene <kerozene () phreaker net>
Date: Thu, 14 Mar 2002 21:24:05 -0300
Vulnerability in all WinZip versions?

Author: Pablo Sabbatella
Site: www.hackemate.com.ar
Date: 14-03-2002

I don't know if this is a security bug, vulnerability or whatever, but I found it was pretty dangerous.

Let's suppose we want to secure the file secret.txt, so we zip it with WinZip and choose to protect it with a password only we know. We save it and then one day we decide to access it, so we open it, we enter the password, it opens secret.txt, we close WinZip and we view the file that we had protected before. After looking at it, we close it and get on to another thing.

Well, this process seems quite common, but if you open a passworded file and you close WinZip before closing the file, that file will be stored with NO PASSWORD PROTECTION in C:\Windows\Temp or your predetermined Temp directory.

This only affects users who share the computer with others, and the paranoid :).

Possible fixes:
- Don't close WinZip till you finish with the secured file
- Empty the Temp directory after each session in WinZip with passworded files
- Microsoft could make a patch for those files to be automatically deleted or not stored in the Temp directory.

Greetz to you all guys

Pablo Sabbatella
sabbatella () hackemate com ar
www.Hackemate.com.ar
ICQ: 126270302
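
A defender-side check for the leftover described in the post above, as an added example that is not part of the original message: it reads the names and sizes of password-protected entries from a ZIP's unencrypted central directory and looks for files with the same name and size under the temp directory. Matching on name and size is a heuristic, and the function names and the recursive search of the temp directory are assumptions of this example.

```python
import os
import sys
import tempfile
import zipfile

ENCRYPTED = 0x1  # general-purpose flag bit 0: entry is password-protected


def encrypted_entries(archive):
    """Return {(basename, uncompressed size)} for password-protected entries.

    Names and sizes are stored in the central directory, which is not
    encrypted, so no password is needed to read them.
    """
    with zipfile.ZipFile(archive) as zf:
        return {(os.path.basename(info.filename), info.file_size)
                for info in zf.infolist()
                if info.flag_bits & ENCRYPTED and not info.is_dir()}


def find_leftovers(archive, temp_dir=None):
    """List files under temp_dir that match an encrypted entry by name and size.

    Assumption: the viewer's plaintext copy keeps the entry's file name.
    """
    wanted = encrypted_entries(archive)
    hits = []
    for root, _dirs, files in os.walk(temp_dir or tempfile.gettempdir()):
        for name in files:
            path = os.path.join(root, name)
            try:
                size = os.path.getsize(path)
            except OSError:
                continue  # file vanished or is unreadable; skip it
            if (name, size) in wanted:
                hits.append(path)
    return sorted(hits)


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: leftovers.py ARCHIVE.zip [TEMP_DIR]")
    for hit in find_leftovers(sys.argv[1], *sys.argv[2:3]):
        print("plaintext copy outside the archive:", hit)
```

A hit means an unprotected copy is still on disk and should be deleted once the file is no longer open.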