RE: Re[2]: SECURITY ALERT: Password protection bug in Netscape 2

• To: Michael Brennen <mbrennen@fni.com>
• Subject: RE: Re[2]: SECURITY ALERT: Password protection bug in Netscape 2
• From: Brain21 <brain21@montag33.residence.gatech.edu>
• Date: Thu, 21 Dec 1995 11:58:09 -0500 (EST)
• cc: Paul Leach <paulle@microsoft.com>, www-security@ns2.rutgers.edu
• In-Reply-To: <Pine.LNX.3.91.951220090239.7977N-100000@ns1.fni.com>

On Wed, 20 Dec 1995, Michael Brennen wrote:

> 
> Does Win95 have a startup level password (and I don't know because I don't
> run Win95) to prevent access at all unless a valid password is entered? 
> 
It does for networking, but I'm not sure about standalone.  Unfortunately 
you can get around it by entering a bogus username and password.  Now 
Win95 has different desktops for different users, so logging in as 
"bogus" w/ a passwd of "1234," for example, will not get you the same 
desktop environment as Joe (Company) Owner, but as usual, you can access 
any file from the file manager, you can also get a copy of their desktop 
configuration file and copy it w/ your name on it so that when you log in 
the next time you *will* get the same desktop as Joe Owner.  Also, 
passwords can be compromised via a method that I posted to this list last 
week.

A better bet would be a CMOS password on bootup.  This can be bypassed by 
two ways - removing the machines battery for a few seconds, or by readily 
available tools that will crack the password.  Still enough to keep 
honest people honest, so to speak.

Brain21

• RE: Re[2]: SECURITY ALERT: Password protection bug in Netscape 2
• From: Michael Brennen <mbrennen@fni.com>

• Previous: Re: For Trade Pentium 75 for AMD 486dx4/100 CPU&MB
• Next: Re: caching protected documents
• Index(es):
  • Index
  • Thread