Microsoft Access 97 Stores Database Password as Plaintext

From: Donald Moore (MindRape) (mindrapeat_private)
Date: Thu Feb 04 1999 - 03:15:13 PST

Next message: nunca: "More oshare testing."

Previous message: Steve Allen: "Re: BUGTRAQ Digest - 1 Feb 1999 to 2 Feb 1999 (#1999-30)"
Next in thread: Paul Leach: "Re: Microsoft Access 97 Stores Database Password as Plaintext"
Reply: Paul Leach: "Re: Microsoft Access 97 Stores Database Password as Plaintext"
Reply: Ricardo Peres: "Re: Microsoft Access 97 Stores Database Password as Plaintext"
Reply: Ernie Souhrada: "Re: Microsoft Access 97 Stores Database Password as Plaintext"
Reply: Donald Moore (MindRape): "Re: Microsoft Access 97 Stores Database Password as Plaintext"
Reply: Kehoe, Anthony (Exchange): "Re: Microsoft Access 97 Stores Database Password as Plaintext"
Reply: Allan Marillier: "Re: Microsoft Access 97 Stores Database Password as Plaintext"
Reply: Eric Stevens: "FW: Microsoft Access 97 Stores Database Password as Plaintext"
Reply: Fernald, Brian: "Re: Microsoft Access 97 Stores Database Password as Plaintext"
Reply: Sozni: "Re: Microsoft Access 97 Stores Database Password as Plaintext"
Reply: Ervin Fried: "Re: Microsoft Access 97 Stores Database Password as Plaintext"
Reply: sozniat_private: "Re: Microsoft Access 97 Stores Database Password as Plaintext"
Reply: Nick Lamb: "Re: Microsoft Access 97 Stores Database Password as Plaintext"
Reply: Stephen M. Milton: "Re: Microsoft Access 97 Stores Database Password as Plaintext"
Reply: Jim Paris: "Re: Microsoft Access 97 Stores Database Password as Plaintext"
Reply: Jim Paris: "Re: Microsoft Access 97 Stores Database Password as Plaintext"
Reply: Paul Leach: "Re: Microsoft Access 97 Stores Database Password as Plaintext"
Reply: Ian Smith: "Re: Microsoft Access 97 Stores Database Password as Plaintext"
Reply: Will Cox: "Re: Microsoft Access 97 Stores Database Password as Plaintext"
Reply: Zorkeres .: "Re: Microsoft Access 97 Stores Database Password as Plaintext"
Reply: Billy Naylor: "Re: Microsoft Access 97 Stores Database Password as Plaintext"
Reply: Ian Smith: "Re: Microsoft Access 97 Stores Database Password as Plaintext"
Reply: Michael Nelson: "Re: Microsoft Access 97 Stores Database Password as Plaintext"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

======================================================================
  Title: Microsoft Access 97 Stores Database Password as Plaintext
   Date: 02/03/99
 Author: Donald Moore (MindRape)
 E-mail: damagedat_private
======================================================================

Microsoft Access 97 databases protected with a password are stored in
foreign mdb's table attachements as plaintext.  This can be accessed very
easily by issuing a strings and grep operation on the foreign mdb.

    Example:
        % strings db1.mdb | grep -i "pwd"

        MS Access;PWD=plaintext;Table2pppppppjI'%
        MS Access;PWD=plaintext;Table1qqqqqqqkJ(&

======================================================================
 Impact of Exploit
======================================================================

Having the password allows the secured mdb to be unlocked, giving permission
to view database objects, possibily revealing other database connection
strings, propiertary source code, tampering of data.  One such commercial
database marketed by FMS, Inc., Total VB SourceBook 6.0, can be easily
compromised using this method.


======================================================================
 How to Recreate
======================================================================

 1. Create an mdb
 2. Create a Table
 3. Reopen the new mdb in exclusive mode
 4. From the Tools Menu, select Security and then click Set Database
Password
 5. Set database password
 6. Exit Access
 7. Create another mdb
 8. From the File Menu, select Get External Data, and click Link Tables....
Select
    the passworded mdb and then select the table you created.
 9. Exit Access
10. Perform a strings+grep on the 2nd mdb to reveal the password.


-   -  - ------------------------------------------------- - -- ---
                                          ______ ______ .
                                       .:_\___  \\_ .  \_::.
   Donald Moore (MindRape)          . .::./ ./  // ./__/.:::. .
                                        _<_____/<____  >_:.
   Email: mindrapeat_private            .             \/  .
           damagedat_private       Damaged Cybernetics
-   -  - ------------------------------------------------- - -- ---

Next message: nunca: "More oshare testing."
Previous message: Steve Allen: "Re: BUGTRAQ Digest - 1 Feb 1999 to 2 Feb 1999 (#1999-30)"
Next in thread: Paul Leach: "Re: Microsoft Access 97 Stores Database Password as Plaintext"
Reply: Paul Leach: "Re: Microsoft Access 97 Stores Database Password as Plaintext"
Reply: Ricardo Peres: "Re: Microsoft Access 97 Stores Database Password as Plaintext"
Reply: Ernie Souhrada: "Re: Microsoft Access 97 Stores Database Password as Plaintext"
Reply: Donald Moore (MindRape): "Re: Microsoft Access 97 Stores Database Password as Plaintext"
Reply: Kehoe, Anthony (Exchange): "Re: Microsoft Access 97 Stores Database Password as Plaintext"
Reply: Allan Marillier: "Re: Microsoft Access 97 Stores Database Password as Plaintext"
Reply: Eric Stevens: "FW: Microsoft Access 97 Stores Database Password as Plaintext"
Reply: Fernald, Brian: "Re: Microsoft Access 97 Stores Database Password as Plaintext"
Reply: Sozni: "Re: Microsoft Access 97 Stores Database Password as Plaintext"
Reply: Ervin Fried: "Re: Microsoft Access 97 Stores Database Password as Plaintext"
Reply: sozniat_private: "Re: Microsoft Access 97 Stores Database Password as Plaintext"
Reply: Nick Lamb: "Re: Microsoft Access 97 Stores Database Password as Plaintext"
Reply: Stephen M. Milton: "Re: Microsoft Access 97 Stores Database Password as Plaintext"
Reply: Jim Paris: "Re: Microsoft Access 97 Stores Database Password as Plaintext"
Reply: Jim Paris: "Re: Microsoft Access 97 Stores Database Password as Plaintext"
Reply: Paul Leach: "Re: Microsoft Access 97 Stores Database Password as Plaintext"
Reply: Ian Smith: "Re: Microsoft Access 97 Stores Database Password as Plaintext"
Reply: Will Cox: "Re: Microsoft Access 97 Stores Database Password as Plaintext"
Reply: Zorkeres .: "Re: Microsoft Access 97 Stores Database Password as Plaintext"
Reply: Billy Naylor: "Re: Microsoft Access 97 Stores Database Password as Plaintext"
Reply: Ian Smith: "Re: Microsoft Access 97 Stores Database Password as Plaintext"
Reply: Michael Nelson: "Re: Microsoft Access 97 Stores Database Password as Plaintext"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:32:28 PDT