[8267] in bugtraq
Re: 13 tiny bytes to show the huge sillyness of our great common
daemon@ATHENA.MIT.EDU (Tero Pelander)
Fri Oct 23 18:29:09 1998
Date: Thu, 22 Oct 1998 11:43:04 +0300
Reply-To: Tero Pelander <tpeland@TKUKOULU.FI>
From: Tero Pelander <tpeland@TKUKOULU.FI>
X-To: bt398 <bt398#@SOTON.AC.UK>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <199810212306.XAA25124@central.napier.ac.uk>
On Wed, 21 Oct 1998, bt398 wrote:
> Microsoft did it the other way. The function returns the uncrypted password
> to a buffer (... no comment).
>
> Indeed, this is not _big_ deal but if a user has access to your computer
> after you logged then he can easily retrieve your password.. And I am sure
> that a lot of people uses the same password for their mail and their
> windows password (so it is somewhat a security problem). I attached a small
> program that prompts the password of the user (you must have logged in
> first); this only work on Windows for Workgroup 3.11 and Windows 95
> (Windows 98 and Windows NT are not affected -hopefully-).
[cachepig.zip removed]
NT (4.0 SP3+hotfixes) isn't affected, 98 is affected
