[24457] in bugtraq
... Tiny Personal Firewall ...
daemon@ATHENA.MIT.EDU (Andrew Barkley)
Thu Feb 28 23:32:19 2002
Message-ID: <20020228125344.5766.qmail@cpdvg201.cms.usa.net>
Date: 28 Feb 2002 14:53:44 SAST
From: Andrew Barkley <andrew.barkley@usa.net>
To: bugtraq@securityfocus.com
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 8bit
Hi ...
Scanning hosts running the Tiny Personal Firewall (2.0.15a) on W2K
workstations that have been locked (ctl + alt + del)
The popup alert/dialogue jumps to the foreground, thus open to accept
permit/deny input from the local console, even when the workstations are
locked (ctl + alt + del). Thus an untrusted individual whom has local access
to individuals workstations can scan a workstation/network, wait for the popup
alert dialogue and enter "permit" on unattended (locked workstations) without
the owners permission/knowledge, No need to first unlock (ctl + alt + del)
...
CHEERS ...
