Windows CE 2.1 security problem

From: Bart (bartat_private)
Date: Wed Jan 27 1999 - 06:51:50 PST

Next message: Anthony C . Zboralski: "Re: [HERT] ANNOUNCE: linux auditd daemon 1.10"

Previous message: HD Moore: "How the MS Critical Update Notification works..."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

Yesterday I discovered a security problem in Windows CE 2.1 for a
Palm PC (Cassiopeia E-11)

When you type text on the emulated keyboard, WinCE tries to guess the word
you're typing. When you enter a password (eg. for a dialup) WinCE will
consequently show the words which first characters match
your password's first characters.

The impact is quite obvious. When people can see your screen, they can see
a part of your password.

Kind regards,

Bart Van den Bossche

--
adminat_private  http://www.moeha.net  bartat_private
grep... grep... grep... (frog with unix stuck in his throat)

Next message: Anthony C . Zboralski: "Re: [HERT] ANNOUNCE: linux auditd daemon 1.10"
Previous message: HD Moore: "How the MS Critical Update Notification works..."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:31:38 PDT