====================================================================== Title: Microsoft Access 97 Stores Database Password as Plaintext Date: 02/03/99 Author: Donald Moore (MindRape) E-mail: damagedat_private ====================================================================== Microsoft Access 97 databases protected with a password are stored in foreign mdb's table attachements as plaintext. This can be accessed very easily by issuing a strings and grep operation on the foreign mdb. Example: % strings db1.mdb | grep -i "pwd" MS Access;PWD=plaintext;Table2pppppppjI'% MS Access;PWD=plaintext;Table1qqqqqqqkJ(& ====================================================================== Impact of Exploit ====================================================================== Having the password allows the secured mdb to be unlocked, giving permission to view database objects, possibily revealing other database connection strings, propiertary source code, tampering of data. One such commercial database marketed by FMS, Inc., Total VB SourceBook 6.0, can be easily compromised using this method. ====================================================================== How to Recreate ====================================================================== 1. Create an mdb 2. Create a Table 3. Reopen the new mdb in exclusive mode 4. From the Tools Menu, select Security and then click Set Database Password 5. Set database password 6. Exit Access 7. Create another mdb 8. From the File Menu, select Get External Data, and click Link Tables.... Select the passworded mdb and then select the table you created. 9. Exit Access 10. Perform a strings+grep on the 2nd mdb to reveal the password. - - - ------------------------------------------------- - -- --- ______ ______ . .:_\___ \\_ . \_::. Donald Moore (MindRape) . .::./ ./ // ./__/.:::. . _<_____/<____ >_:. Email: mindrapeat_private . \/ . damagedat_private Damaged Cybernetics - - - ------------------------------------------------- - -- ---
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:32:28 PDT