From: FenrisHAMMEROFGOD.COM
Date: Tue Apr 03 2001 - 02:11:56 CDT


    Last time I checked, POP passwords were clear text anyway. Clear text in
    --> Clear text out. Not sure about ICQ passwords, but I gather they're the
    same. Not sure what kind of magic you're looking for.

    And if you're letting someone access your dmp files, you've got much worse
    problems. Chances are, they either have physical access to your machine
    (need I say more?) or you've granted them access to connect to your system
    files (whether on purpose or through a weak password).

    I'd rather not bother with all the trouble to get access to your system,
    I'd prefer to sit back and sniff your POP password while you retrieve your
    mail. Call me lazy, but I don't like to work for my passwords.

    ===============
    Fenris, The Wolf
    cAre to lend a hAnd?
    ===============
    It's a problem in nt4 sp6, also. In my experience, any program that takes a
    password is vulnerable (depending on when the crash occurs). The
    vulnerability, as mentioned previously, is in *where* NT places the User.dmp
    by default: into a directory that by default is accessible by the Everyone
    group.
    -Dennis
    ----- Original Message -----
    From: <myrddin_eHUSHMAIL.COM>
    To: <VULN-DEVSECURITYFOCUS.COM>
    Sent: Sunday, April 01, 2001 6:30 PM
    Subject: Re: ICQ crash-dump stores PLAINTEXT password. (creepy)

    > No offense or discouragement intended, but if you are going to dedicate
    > this much time and energy to hunting bugs, you really should work on a
    > more current release of software than NT4 SP4. I realize that it may make
    > no difference in this case because the OS is not likely an issue, but still.
    >
    > -----Original Message-----
    > From: -No Strezzz Cazzz
    > To: VULN-DEVSECURITYFOCUS.COM
    > Sent: 4/1/35 4:55 PM
    > Subject: ICQ crash-dump stores PLAINTEXT password. (creepy)
    >
    > Made in Holland
    > PCP/A #0008 (pr0ph)
    >
    >
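One way to check whether your own application leaves a password in its crash dumps, the issue discussed in this thread (an added example, not code from any of the posters): log in to a test build with a throwaway canary password, collect the dump it writes, and scan it for that value. The function names, the canary and the sample bytes are constructed for illustration, and the canary is assumed to be ASCII.

```python
import io
from typing import BinaryIO, List, Tuple

CANARY = "Canary-7f3a!"  # constructed throwaway password, used only for this test

def canary_needles(secret: str) -> List[Tuple[str, bytes]]:
    """Byte forms a Windows process typically holds a string in (ASCII secret assumed)."""
    if not secret:
        raise ValueError("canary must not be empty")
    return [("ansi", secret.encode("ascii")),
            ("utf-16le", secret.encode("utf-16-le"))]

def scan_dump(stream: BinaryIO, secret: str, chunk_size: int = 1 << 20) -> List[Tuple[str, int]]:
    """Return sorted (encoding, file offset) pairs where the canary appears in the dump."""
    needles = canary_needles(secret)
    overlap = max(len(n) for _, n in needles) - 1  # bytes carried across chunk edges
    hits = set()
    tail, base = b"", 0  # base = file offset of window[0]
    while chunk := stream.read(chunk_size):
        window = tail + chunk
        for name, needle in needles:
            pos = window.find(needle)
            while pos != -1:
                hits.add((name, base + pos))  # set() drops re-finds in the overlap
                pos = window.find(needle, pos + 1)
        keep = min(overlap, len(window))
        tail = window[len(window) - keep:]
        base += len(window) - keep
    return sorted(hits, key=lambda h: h[1])

def constructed_dump() -> bytes:
    """Constructed sample bytes standing in for a crash dump (not a real User.dmp)."""
    return (b"\x00" * 37 + b"PASS=" + CANARY.encode("ascii")
            + b"\xff" * 100 + CANARY.encode("utf-16-le") + b"\x00" * 10)

if __name__ == "__main__":
    for encoding, offset in scan_dump(io.BytesIO(constructed_dump()), CANARY, chunk_size=16):
        print(f"canary found as {encoding} at offset {offset:#x}")
```

Any hit means the password was resident in memory in recoverable form at crash time, so the dump file needs the same access restrictions as the credential itself.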