PDA

Bekijk Volledige Versie : RE: Password Hole Found In Webshots - (Webshots Confirmed)



Shutters, Mike
20/12/02, 01:13
From Webshots (confirmed):

-----Original Message-----
From: support@webshots.com [SMTP:support@webshots.com]
Sent: Wednesday, December 18, 2002 9:33 AM
To: Shutters, Mike
Subject: Re: Password Hole Found In Webshots [T200212130039]

Hello Mike,

Thank you for contacting Webshots!

Unfortunately the password protection feature within our software is not
very reliable, our engineers are working on improving this feature for our
software. We suggest that you use the password protection within your
operating system. I apologize for the inconvenience.

Sincerely,

Belynda
______________________________________________
Customer Support Representative, www.webshots.com

Please include all prior messages in any responses


> -----Original Message-----
> From: Brian Carpenter [SMTP:brian.carpenter@wosc.edu]
> Sent: Thursday, December 12, 2002 10:33 AM
> To: bugtraq@securityfocus.com
> Subject: Password Hole Found In Webshots
>
> I have descovered a hole in the webshots screensave program. On
> either
> a Win2K or xp machine that has it installed you can bypass the password
> on the screen saver by pressing Ctrl+Alt+Del wich brings up the Windows
> box that contains logout lockcomputer shutdown ect: Then you will hit
> cancel and boom you are at the desktop with all the permisions the
> previous user had. If you have windows password locking the screen saver
> you are able to Ctrl+Alt+Del and then go to taskmanger and end the
> screen saver thus bringing you back to the desktop.
>
> This works with both webshots password set up and the windows
> password
> setup on the computer. As long as webshots is used the hole is there.