[9368] in bugtraq


Re: Microsoft Access 97 Stores Database Password as Plaintext

daemon@ATHENA.MIT.EDU (Ricardo Peres)
Fri Feb 5 05:17:30 1999

Date: 	Thu, 4 Feb 1999 21:56:46 +0000
Reply-To: Ricardo Peres <rjperes@STUDENT.DEI.UC.PT>
From: Ricardo Peres <rjperes@STUDENT.DEI.UC.PT>
X-To:         "Donald Moore (MindRape)" <mindrape@HOME.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <000501be502f$a30bd820$57c60118@cx282008-a.phnx3.az.home.com>

Hello,

I have several password-protected MS Access databases, and *none* of
them has its password stored as plain text... Your exploit never worked!

Best wishes,

-----------------------------------------------------------------------------
Ricardo Peres
E-mail: rjperes@student.dei.uc.pt
ICQ UIN: 708926
TM: 0931 9459192
Departamento de Engenharia Informática
Universidade de Coimbra
PORTUGAL
-----------------------------------------------------------------------------

On Thu, 4 Feb 1999, Donald Moore (MindRape) wrote:

> ======================================================================
>   Title: Microsoft Access 97 Stores Database Password as Plaintext
>    Date: 02/03/99
>  Author: Donald Moore (MindRape)
>  E-mail: damaged@futureone.com
> ======================================================================
>
> Microsoft Access 97 databases protected with a password are stored in
> foreign mdb's table attachments as plaintext.  This can be accessed very
> easily by issuing a strings and grep operation on the foreign mdb.
>
>     Example:
>         % strings db1.mdb | grep -i "pwd"
>
>         MS Access;PWD=plaintext;Table2pppppppjI'%
>         MS Access;PWD=plaintext;Table1qqqqqqqkJ(&
>
> ======================================================================
>  Impact of Exploit
> ======================================================================
>
> Having the password allows the secured mdb to be unlocked, giving permission
> to view database objects, possibly revealing other database connection
> strings, proprietary source code, tampering of data.  One such commercial
> database marketed by FMS, Inc., Total VB SourceBook 6.0, can be easily
> compromised using this method.
>
>
> ======================================================================
>  How to Recreate
> ======================================================================
>
>  1. Create an mdb
>  2. Create a Table
>  3. Reopen the new mdb in exclusive mode
>  4. From the Tools Menu, select Security and then click Set Database Password
>  5. Set database password
>  6. Exit Access
>  7. Create another mdb
>  8. From the File Menu, select Get External Data, and click Link Tables....
>     Select the passworded mdb and then select the table you created.
>  9. Exit Access
> 10. Perform a strings+grep on the 2nd mdb to reveal the password.
>
>
> -   -  - ------------------------------------------------- - -- ---
>                                           ______ ______ .
>                                        .:_\___  \\_ .  \_::.
>    Donald Moore (MindRape)          . .::./ ./  // ./__/.:::. .
>                                         _<_____/<____  >_:.
>    Email: mindrape@home.com            .             \/  .
>            damaged@futureone.com       Damaged Cybernetics
> -   -  - ------------------------------------------------- - -- ---
>
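
Added example, not part of either message above: an audit check for the condition the quoted advisory describes, run against the linking (second) mdb files as in its step 10. It reports only the offset and length of each `MS Access;PWD=...;` string, never the password; the function names, the 64-byte length limit and the sample bytes are assumptions made for this example.

```python
import os
import re
import sys

# Shape taken from the strings output in the quoted advisory:
#   MS Access;PWD=<password>;
# Assumption: the password is 1-64 printable ASCII bytes with no ';'.
CONNECT_RE = re.compile(rb"MS Access;PWD=([\x20-\x3a\x3c-\x7e]{1,64});", re.I)


def find_embedded_passwords(data):
    """Return [(offset, password_length)] for each matching connect string.

    Only position and length are reported, so the audit output can be
    filed in a ticket without disclosing the password again.
    """
    return [(m.start(), len(m.group(1))) for m in CONNECT_RE.finditer(data)]


def audit_tree(root):
    """Scan every .mdb under root; return {path: findings} for hits only."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".mdb"):
                path = os.path.join(dirpath, name)
                with open(path, "rb") as fh:
                    found = find_embedded_passwords(fh.read())
                if found:
                    hits[path] = found
    return hits


# Constructed sample: binary filler around the two lines from the advisory.
SAMPLE_LINKING_MDB = (
    b"\x00\x01\x00\x00" + b"\xff" * 32
    + b"MS Access;PWD=plaintext;Table2pppppppjI'%\x00\x07"
    + b"MS Access;PWD=plaintext;Table1qqqqqqqkJ(&\x00"
)
# Constructed sample: a file with no linked-table connect string.
SAMPLE_NO_LINKS = b"\x00\x01\x00\x00" + b"\x00" * 64

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, found in audit_tree(root).items():
        for offset, length in found:
            print(f"{path}: linked-table password ({length} chars) at offset {offset}")
```

Any file it flags holds the linked database's password in readable form, so the file needs the same access controls as the protected database until the password is changed.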
