[6422] in bugtraq
Re: Clipboard insecurity
daemon@ATHENA.MIT.EDU (Fiji)
Tue Mar 31 02:00:28 1998
Date: Tue, 31 Mar 1998 00:27:35 -0500
Reply-To: Fiji <jfay@STETSON.EDU>
From: Fiji <jfay@STETSON.EDU>
X-To: Jim Credland <jim@DEMON.Net>,
Kelly Elizabeth Kannon <kkannon@stetson.edu>,
Michael H Gray <mgray@stetson.edu>,
Jack L Harman <jharman@stetson.edu>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <199803301631.RAA22886@joliet.security.demon.net>
It is also possible to paste passwd info on NT and Novell clients.
There have been a few occasions where users have typed in their passwd and
before hitting enter have decided to highlight and erase their passwd. I
can come along after these unscrupolous users and right click then paste
their passwd back again.
-Fiji
CIT Stetson University
Unix System Administrator
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3a
mQCNAzOSFEwAAAEEAJ/dkb5cymjDsl51GVBiugJW263udNqxQr6R40tJGNF3yTZ2
idP4K9Pxw/1D2LQ/tOdSLJYGX6x9Y5KqJ4ZtdRVnh4pbaYVcbCwLDyWg+iy/mCpj
J2R5WMrVTsTdxA4g1nzYPg30IQhy7Ll4R3JhXa9lUm4j0pdM9RTsR6Z4DLQNAAUR
tBBmYXlqQHN0ZXRzb24uZWR1iQCVAwUQM5IUTBTsR6Z4DLQNAQHsMAP9F8kHBgc6
jrB0XJ4qUn1ihdigQjF0S3PqOOu1uk1kMWI7obB54ORT4b1Dw7BqUirBohJPn+ka
R89Ny0U95nZFX2WoQXDtRlqdVXAC9ZAoTpljiZpM7EtDWB4SXhsoXcb+1M7Lw5Un
14aq2b9YAUGryQy1ivkz8V9du4nUB/YkNLI=
=q7uq
-----END PGP PUBLIC KEY BLOCK-----
On Mon, 30 Mar 1998, Jim Credland wrote:
> Date: Mon, 30 Mar 1998 17:31:54 +0100
> From: Jim Credland <jim@DEMON.NET>
> To: BUGTRAQ@NETSPACE.ORG
> Subject: Clipboard insecurity
>
> I don't know if this has been mentioned before, it was certainly new to
> Microsoft when I mentioned it too them.
>
> If you lock your workstation it's still possible to paste the contents of the
> clipboard buffer into the "User name" prompt. Not terribly clever for hiding
> what you've been doing.
>
> Microsoft acknowledge the problem but made no promises about fixing it.
> Obvious workaround.
>
> --
> jim credland network security
> who can you trust? demon internet ltd
>
