[39429] in bugtraq
Passwords in RAM dumps [formally Novell GroupWise Plain Text
daemon@ATHENA.MIT.EDU (Anything But Microsoft)
Tue Jul 5 18:41:07 2005
Message-Id: <s2c98bfa.062@mx.mentalfloss.net>
Date: Mon, 04 Jul 2005 19:19:55 -0400
From: "Anything But Microsoft" <abm@anythingbutmicrosoft.org>
To: "<@securityfocus.com BUGTRAQ" <BUGTRAQ@securityfocus.com>,
<securityteam@truedson.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
App after app tested by me here finds my user name and password in memory. Two apps out of fourteen tested stored the password in RAM with some type of hash. But I wouldn't be surprised if this was easily translated.
I've only looked at the running process of five apps on Linux so far but have yet to find a password in plain text.
Do we conclude this is a Windows problem? Or are Windows programmers lazy, poorly trained or in general a bunch that don't care about security? (like Bill G, expept when convenient and not compromising the monopoly?)
