[154] in Best-of-Security
BoS: OBDC security hole
daemon@ATHENA.MIT.EDU (Carl Tanner Sr.)
Tue May 13 10:12:33 1997
Date: Mon, 12 May 1997 11:36:45 -0400
Reply-To: Windows NT BugTraq Mailing List <NTBUGTRAQ@RC.ON.CA>,
"Carl Tanner Sr." <Tanner1@USAGL.COM>
From: "Carl Tanner Sr." <Tanner1@USAGL.COM>
Errors-To: best-of-security-request@suburbia.net
To: best-of-security@suburbia.net
Resent-From: best-of-security@suburbia.net
I must apologize if this question has already been answered on this
mailing list, but I am a recent subscriber and this just came up from
our development crew.
As I understand it (from them), by using the OBDC API, there is a
command ( OBDCtrace) which can be used to detect UserID and Password of
any accounts accessing the DataBases.
This seems to me to be a major security hole in any NT system using
databases.
Has there been any discussion, solutions, or other postings about this
potential exploit?
