From: Dennis McHenry (ronmchLIGHTMAIL.COM)
Date: Mon Apr 02 2001 - 19:03:12 CDT


    It's a problem in nt4 sp6, also. In my experience, any program that takes a
    password is vulnerable (depending on when the crash occurs). The
    vulnerability, as mentioned previously, is in *where* NT places the User.dmp
    by default: into a directory that by default is accessible by the Everyone
    group.

    -Dennis

    ----- Original Message -----
    From: <myrddin_eHUSHMAIL.COM>
    To: <VULN-DEVSECURITYFOCUS.COM>
    Sent: Sunday, April 01, 2001 6:30 PM
    Subject: Re: ICQ crash-dump stores PLAINTEXT password. (creepy)

    > No offense or discouragement intended, but if you are going to dedicate
    > this much time and energy to hunting bugs, you really should work on a
    > more current release of software than NT4 SP4. I realize that it may make no
    > difference in this case because the OS is not likely an issue, but still.
    >
    > -----Original Message-----
    > From: -No Strezzz Cazzz
    > To: VULN-DEVSECURITYFOCUS.COM
    > Sent: 4/1/35 4:55 PM
    > Subject: ICQ crash-dump stores PLAINTEXT password. (creepy)
    >
    > Made in Holland
    > PCP/A #0008 (pr0ph)
    >
    >
    > ICQ crash-dump stores PLAINTEXT password. (creepy)
    > Free, encrypted, secure Web-based email at www.hushmail.com
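
An added example, not part of the original messages: one way to test whether a program leaves a password in a crash dump such as User.dmp is to log in with a throwaway canary password, let the dump be written, and scan it for that value. The function names, the canary value and the sample bytes are constructed for illustration, and the canary is assumed to be ASCII.

```python
import os
import tempfile

CANARY = "Canary-Pw-2001!"  # constructed throwaway value, never a real password

def find_secret_in_dump(path, secret, chunk_size=1 << 20):
    """Return sorted (offset, encoding) hits for `secret` in the file at `path`.

    Looks for the narrow (ASCII) and wide (UTF-16LE) forms, since Windows
    programs may hold a string in either. Reads in chunks and keeps a tail so
    that a match straddling a chunk boundary is still found.
    """
    needles = {
        "ascii": secret.encode("ascii"),
        "utf-16le": secret.encode("utf-16-le"),
    }
    overlap = max(len(n) for n in needles.values()) - 1
    hits = set()
    with open(path, "rb") as fh:
        base = 0   # absolute file offset of buf[0]
        buf = b""
        while True:
            chunk = fh.read(chunk_size)
            if not chunk:
                break
            buf += chunk
            for name, needle in needles.items():
                pos = buf.find(needle)
                while pos != -1:
                    hits.add((base + pos, name))  # set removes re-finds in the tail
                    pos = buf.find(needle, pos + 1)
            keep = buf[-overlap:] if overlap else b""
            base += len(buf) - len(keep)
            buf = keep
    return sorted(hits)

def make_sample_dump():
    """Write a constructed stand-in for a dump file and return its path."""
    data = (b"\x00" * 100 + CANARY.encode("ascii") +
            b"\x00" * 50 + CANARY.encode("utf-16-le") + b"\x00" * 40)
    fd, path = tempfile.mkstemp(suffix=".dmp")
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path

if __name__ == "__main__":
    sample = make_sample_dump()
    for offset, encoding in find_secret_in_dump(sample, CANARY):
        print(f"canary found at offset {offset} ({encoding})")
    os.remove(sample)
```

Any hit means the secret was in process memory in the clear when the dump was taken, so the dump's location and permissions decide who else can read it.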