[8911] in bugtraq
security problem with Royal daVinci
daemon@ATHENA.MIT.EDU (Dustin Destree (sigel))
Sun Jan 3 17:12:08 1999
Date: Fri, 1 Jan 1999 17:51:05 -0800
Reply-To: "Dustin Destree (sigel)" <sigel@QUIKNET.COM>
From: "Dustin Destree (sigel)" <sigel@QUIKNET.COM>
To: BUGTRAQ@NETSPACE.ORG
This is a multi-part message in MIME format.
------=_NextPart_000_0050_01BE35AF.4E1C9EC0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
ok, aleph, you told me that when I find a security problem with the =
daVinci, to let you know, ok here it is:
the PIM software for the computer (that the daVinci synches with) stores =
all data in .mdb (MS Access format), and with the PIM software, private =
records can be set up to require a password, if you use MS Access to =
read the .mdb files, you can open up the files and get the personal =
information without requiring any password whatsoever.
This bug was found by david breslauer, and another avid reader of my =
daVinci site:
http://www.quiknet.com/~sigel/davinci
--
Dustin Destree
sigel@quiknet.com / sigel@oldwarez.com
System Administrator SW Inc / GhettoNET
System Administrator The Static Void Project
------=_NextPart_000_0050_01BE35AF.4E1C9EC0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD W3 HTML//EN">
<HTML>
<HEAD>
<META content=3Dtext/html;charset=3Diso-8859-1 =
http-equiv=3DContent-Type>
<META content=3D'"MSHTML 4.72.3612.1700"' name=3DGENERATOR>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT color=3D#000000 size=3D2>ok, aleph, you told me that when I =
find a=20
security problem with the daVinci, to let you know, ok here it =
is:</FONT></DIV>
<DIV><FONT size=3D2>the PIM software for the computer (that the daVinci =
synches=20
with) stores all data in .mdb (MS Access format), and with the PIM =
software,=20
private records can be set up to require a password, if you use MS =
Access to=20
read the .mdb files, you can open up the files and get the personal =
information=20
without requiring any password whatsoever.</FONT></DIV>
<DIV><FONT size=3D2>This bug was found by david breslauer, and another =
avid reader=20
of my daVinci site:</FONT></DIV>
<DIV><FONT size=3D2>http://www.quiknet.com/~sigel/davinci</FONT></DIV>
<DIV><FONT color=3D#000000 size=3D2>--<BR>Dustin Destree<BR><A=20
href=3D"mailto:sigel@quiknet.com">sigel@quiknet.com</A> / <A=20
href=3D"mailto:sigel@oldwarez.com">sigel@oldwarez.com</A><BR>System =
Administrator=20
SW Inc / GhettoNET<BR>System Administrator The Static Void=20
Project</FONT></DIV></BODY></HTML>
------=_NextPart_000_0050_01BE35AF.4E1C9EC0--