MS Word connected to DB/2: Cleartext host uid & pwd in document!
- To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
- Subject: MS Word connected to DB/2: Cleartext host uid & pwd in document!
- From: "Kusche, Klaus" <Klaus.Kusche@OOE.GV.AT>
- Date: Wed, 18 Mar 1998 15:39:02 +0100
- Comments: To: "bugtraq@netspace.org" <bugtraq@netspace.org>
- Reply-To: "Kusche, Klaus" <Klaus.Kusche@OOE.GV.AT>
- Sender: Windows NT BugTraq Mailing List <NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM>

Our office automation group asked me to post the following:

Environment:
  MS NT 4.0
  MS Word 97
  IBM DB2 ODBC Client (and DB/2 on an OS/390 mainframe)

What to do:
1.) Create a Word document referring to the database
    (e.g. a mass mailing letter accessing a DB/2 address database).
2.) Connect to the database, enter your userid and password
    for the database server in the dialog.
3.) Save the document while the database connection is still established
    (i.e. while you can still browse through the data in the database).

Effect:
The saved Word document contains your database server userid and password
***in cleartext***!!!
(except for a blank inserted every second character,
e.g. "pass" is stored as "p a s s").
You can check with any ASCII editor, e.g. Notepad.

Not good if your documents are on a fileshare to which others have read
access, even worse if you attach such a document to an external email!

We didn't check if the same is true for other MS Office applications
(Excel, ...) and for other databases requiring userids and passwords,
but we see no reason why other ODBC connections should behave better.

DI. Dr. Klaus Kusche
Oberoesterreichische Landesregierung / Government of Upper Austria
Rechenzentrum / Computing Centre
Smail: Kaerntnerstrasse 16, A-4020 Linz, Austria (Europe)
Phone: +43 732 7720 - 3394
Fax: +43 732 7720 3198
Email: Klaus.Kusche@ooe.gv.at
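
For auditing a file share for documents affected by the behaviour reported above, the following scanner is an added example and not part of the original post. It assumes the credentials are stored in ODBC connection-string form (`UID=...;PWD=...`), which the post does not show, and that the "blank" after each character is either a NUL byte (16-bit text as displayed by an ASCII editor) or a literal space; the sample bytes are constructed.

```python
import re
import sys

VAL = rb"[\x21-\x3a\x3c-\x7e]"   # printable ASCII except space and ';'
GAP = rb"[\x00 ]"                 # filler byte: NUL or a literal blank

# Contiguous 8-bit form, e.g. b"PWD=pass"
PLAIN = re.compile(rb"(UID|PWD)=(" + VAL + rb"{1,64})", re.I)
# Interleaved form, e.g. b"P\0W\0D\0=\0p\0a\0s\0s\0" ("p a s s" in Notepad)
WIDE = re.compile(
    rb"((?:U" + GAP + rb"I|P" + GAP + rb"W)" + GAP + rb"D)" + GAP
    + rb"=" + GAP + rb"((?:" + VAL + GAP + rb"){1,64})", re.I)


def scan(data: bytes):
    """Return sorted (offset, form, key, value_length) for each hit.

    Only the length of the value is reported, so the scanner's own
    output does not become a second copy of the password.
    """
    hits = []
    for m in PLAIN.finditer(data):
        key = m.group(1).decode().upper()
        hits.append((m.start(), "plain", key, len(m.group(2))))
    for m in WIDE.finditer(data):
        key = m.group(1)[::2].decode().upper()      # drop filler bytes
        hits.append((m.start(), "interleaved", key, len(m.group(2)) // 2))
    return sorted(hits)


# Constructed sample: a 12-byte stand-in header followed by a 16-bit
# connection string with made-up credentials, then ordinary letter text.
SAMPLE = (b"\xd0\xcf\x11\xe0" + b"\x00" * 8
          + "DSN=ADDR;UID=kk01;PWD=pass;".encode("utf-16-le")
          + b"\x00\x00Dear customer, ...")

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            for off, form, key, n in scan(fh.read()):
                print(f"{path}: offset {off}: {key} ({form}, {n} chars)")
```

A space-interleaved value that is not followed by `;` can be over-measured, because the following blank-separated text also matches; treat any hit as a reason to open and re-save the document without the live connection, and to change the exposed password.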