Re: Microsoft Access 97 Stores Database Password as Plaintext

miltonISOMEDIA.COM

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: BVE: "Re: ISS Internet Scanner Cannot be relied upon for conclusive"
• Previous message: GANG WANG: "Re: Buffer overflow in Solaris 2.6/2.7 /usr/bin/lpstat"
• In reply to: sozniUSA.NET: "Re: Microsoft Access 97 Stores Database Password as Plaintext"
• Next in thread: Jim Paris: "Re: Microsoft Access 97 Stores Database Password as Plaintext"

The following text was posted to USENET, and indexed on a Russian cypherpunk
site.  I found it when I was doing some work with Access 97 databses.  I
think you will agree that this particular "feature" makes the linked
database password issue moot.

>Subject:      Re: MS Access 2.0
>From:         adamhomeport.org (Adam Shostack)
>Date:         1998/06/23
>Message-ID:   <199806231244.IAA04637homeport.org>
>Newsgroups:   ailab.coderpunks
>[More Headers]                                           [Image]
>[Subscribe to ailab.coderpunks]
>
>        Part of doing research is to ensure you're not re-inventing
>the wheel before you start doing hard work.  I'm perfectly happy to
>have Mike ask questions about this stuff; the answers are often
>enlightening to the rest of us.
>
>   Anyway, Access97 passwords are stored in the 13 bytes from offset
>0x42 in a .mdb file.  Do a bitwise XOR with 0x86, 0xFB, 0xEC, 0x37,
>0x5D, 0x44, 0x9C, 0xFA, 0xC6, 0x5E, 0x28, 0xE6, 0x13 to recover the
>plaintext.  I think that if the first byte is 0x86, the password is
>not checked.
>
>Adam

Stephen M. Milton
System Administrator
ISOMEDIA, Inc.

• Next message: BVE: "Re: ISS Internet Scanner Cannot be relied upon for conclusive"
• Previous message: GANG WANG: "Re: Buffer overflow in Solaris 2.6/2.7 /usr/bin/lpstat"
• In reply to: sozniUSA.NET: "Re: Microsoft Access 97 Stores Database Password as Plaintext"
• Next in thread: Jim Paris: "Re: Microsoft Access 97 Stores Database Password as Plaintext"