OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Re: NT Screen Saver Password Protect Bug
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: NT Screen Saver Password Protect Bug

  • To: NTBUGTRAQLISTSERV.NTBUGTRAQ.COM
  • Subject: Re: NT Screen Saver Password Protect Bug
  • From: Paul Leach <paulleMICROSOFT.COM>
  • Date: Wed, 25 Mar 1998 10:30:23 -0800
  • Comments: To: Michael Grundy <grundymUS.IBM.COM>
  • Reply-To: Paul Leach <paulleMICROSOFT.COM>
  • Sender: Windows NT BugTraq Mailing List <NTBUGTRAQLISTSERV.NTBUGTRAQ.COM>
While none of the "exploits" described so far actually are security holes
(since they all involve the admin), some of the facts surrounding how
screensavers appear to work are suspicious, and we're looking into them.

> ----------
> From:         Michael Grundy[SMTP:grundymUS.IBM.COM]
> Reply To:     Michael Grundy
> Sent:         Wednesday, March 25, 1998 5:30 AM
> To:   NTBUGTRAQLISTSERV.NTBUGTRAQ.COM
> Subject:      Re: NT Screen Saver Password Protect Bug
>
> > how easily the password mechanism in screen savers can be by-passed
>
> This is the part of the arguments goin on that is of particular conern to
> me.
> The properly written screen savers (or at least the ones that come with
> NT)
> will not use their internal (used under WIN95) password mechanism under NT
> (otherwise you would get two password prompts). When you specify a screen
> saver
> to be password protected you are actually telling WINLOGON to lock the
> workstation (LockWindowsStation API call?) after the screen saver kicks
> off.
> The screen saver file not being there chokes it when it goes to call that
> routine again. Notice how when the timeout expires, the "press
> ctrl+alt+del to
> unlock" dialog diappears. To me this looks like a problem with
> WINLOGON.EXE and
> thats my big concern.
>
> Thanks,
> Mike
>
> =============================================
> Michael Grundy    internet: grundymus.ibm.com
> Systems Managment Technical Support
> IBM Global Services - Service Delivery Center North
>