[9445] in bugtraq
Re: Microsoft Access 97 Stores Database Password as Plaintext
daemon@ATHENA.MIT.EDU (Stephen M. Milton)
Tue Feb 9 17:25:04 1999
Date: Mon, 8 Feb 1999 13:34:38 -0800
Reply-To: "Stephen M. Milton" <milton@ISOMEDIA.COM>
From: "Stephen M. Milton" <milton@ISOMEDIA.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <199902081515.KAA25042@sol00371.dn.net>
The following text was posted to USENET, and indexed on a Russian cypherpunk
site. I found it when I was doing some work with Access 97 databases. I
think you will agree that this particular "feature" makes the linked
database password issue moot.
>Subject: Re: MS Access 2.0
>From: adam@homeport.org (Adam Shostack)
>Date: 1998/06/23
>Message-ID: <199806231244.IAA04637@homeport.org>
>Newsgroups: ailab.coderpunks
>
> Part of doing research is to ensure you're not re-inventing
>the wheel before you start doing hard work. I'm perfectly happy to
>have Mike ask questions about this stuff; the answers are often
>enlightening to the rest of us.
>
> Anyway, Access97 passwords are stored in the 13 bytes from offset
>0x42 in a .mdb file. Do a bitwise XOR with 0x86, 0xFB, 0xEC, 0x37,
>0x5D, 0x44, 0x9C, 0xFA, 0xC6, 0x5E, 0x28, 0xE6, 0x13 to recover the
>plaintext. I think that if the first byte is 0x86, the password is
>not checked.
>
>Adam
Stephen M. Milton
System Administrator
ISOMEDIA, Inc.
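
The encoding described in the quoted post, as an added example that is not part of the original message: because the XOR bytes are fixed, the same operation encodes and decodes, so an audit can flag any .mdb header that relies on this field. The function names and the constructed zero-filled header are assumptions, as is NUL padding of unused password positions.

```python
# Added example: the offset and XOR bytes are the ones quoted in the post.
PW_OFFSET = 0x42
PW_KEY = bytes([0x86, 0xFB, 0xEC, 0x37, 0x5D, 0x44, 0x9C,
                0xFA, 0xC6, 0x5E, 0x28, 0xE6, 0x13])


def xor_field(data: bytes) -> bytes:
    """XOR a 13-byte field with the fixed bytes; one call both encodes and decodes."""
    if len(data) != len(PW_KEY):
        raise ValueError("field must be exactly 13 bytes")
    return bytes(b ^ k for b, k in zip(data, PW_KEY))


def audit_header(header: bytes) -> dict:
    """Report whether the password field of an .mdb header is set.

    Assumption (not stated in the post): unused positions hold NUL before
    the XOR, so an unset password leaves the raw field equal to PW_KEY.
    """
    end = PW_OFFSET + len(PW_KEY)
    if len(header) < end:
        raise ValueError("header shorter than 0x4F bytes; field is truncated")
    plain = xor_field(header[PW_OFFSET:end])
    password = plain.split(b"\x00", 1)[0]
    return {
        "password_set": bool(password),
        "password": password.decode("latin-1"),  # one byte per character
    }


def build_sample_header(password: str) -> bytes:
    """Constructed test input: zero-filled header with only the field populated."""
    raw = password.encode("latin-1")
    if len(raw) > len(PW_KEY):
        raise ValueError("password longer than the 13-byte field")
    field = xor_field(raw.ljust(len(PW_KEY), b"\x00"))
    return bytes(PW_OFFSET) + field + bytes(16)


if __name__ == "__main__":
    for pw in ("", "s3cret"):  # constructed sample passwords
        print(repr(pw), "->", audit_header(build_sample_header(pw)))
```

Under the NUL-padding assumption, a header with no password carries 0x86 at offset 0x42, the same first-byte value the quoted post mentions.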