[20229] in bugtraq
ActiveSync can access a locked workstation w/o unlocking
daemon@ATHENA.MIT.EDU (Jeff.Samples)
Mon Apr 16 14:54:44 2001
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Message-ID: <C9E878EC530BD4118AE60050DAB6B73220DBA1@v_king.kanawhastone.com>
Date: Mon, 16 Apr 2001 08:05:49 -0400
Reply-To: "Jeff.Samples" <Jeff.Samples@TERRADON.COM>
From: "Jeff.Samples" <Jeff.Samples@TERRADON.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
Microsoft was notified on 3/28/2001, you may use my name when publishing
this. I cannot register on your site, so I am trying the general e-mail
addresses.
Platforms tested:
===================================================
Microsoft Windows 2000 Professional (build 2195) w/ SP1
Microsoft ActiveSync 3.1 (tested using HP Jornada 540 Series running Windows
PocketPC (CE v 3.0.948 Build 9357)
Issue:
===================================================
MS ActiveSync can access files (Outlook appts, contacts, synced files, etc)
from a Win2K workstation even though the workstation has been locked. By
simply dropping the HP into the dock, or hooking it up to the COM
port(depending on which sync method is configured), it will sync and
download data from a "locked" workstation. Yikes!
Jeffrey A. Samples,
Vice President, Product Development
TERRADON Communications Group
<http://www.terradoncommunications.com/>
ph. - 304.755.1324
fx. - 304.755.8274
