Re: Microsoft Access 97 Stores Database Password as Plaintext

From: Ricardo Peres (rjperesat_private)
Date: Thu Feb 04 1999 - 13:56:46 PST

Next message: Taral: "Re: No Security is Bad Security:"

Previous message: Andrew J. Gavin: "NOBO denial of service"
Maybe in reply to: Donald Moore (MindRape): "Microsoft Access 97 Stores Database Password as Plaintext"
Next in thread: Ernie Souhrada: "Re: Microsoft Access 97 Stores Database Password as Plaintext"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello,

I have several password-protected MS Access databases, and *none* of
them has it's password stored as plain text... Your exploit never worked!

Best wishes,

-----------------------------------------------------------------------------
Ricardo Peres
E-mail: rjperesat_private
ICQ UIN: 708926
TM: 0931 9459192
Departamento de Engenharia Informática
Universidade de Coimbra
PORTUGAL
-----------------------------------------------------------------------------

On Thu, 4 Feb 1999, Donald Moore (MindRape) wrote:

> ======================================================================
>   Title: Microsoft Access 97 Stores Database Password as Plaintext
>    Date: 02/03/99
>  Author: Donald Moore (MindRape)
>  E-mail: damagedat_private
> ======================================================================
>
> Microsoft Access 97 databases protected with a password are stored in
> foreign mdb's table attachements as plaintext.  This can be accessed very
> easily by issuing a strings and grep operation on the foreign mdb.
>
>     Example:
>         % strings db1.mdb | grep -i "pwd"
>
>         MS Access;PWD=plaintext;Table2pppppppjI'%
>         MS Access;PWD=plaintext;Table1qqqqqqqkJ(&
>
> ======================================================================
>  Impact of Exploit
> ======================================================================
>
> Having the password allows the secured mdb to be unlocked, giving permission
> to view database objects, possibily revealing other database connection
> strings, propiertary source code, tampering of data.  One such commercial
> database marketed by FMS, Inc., Total VB SourceBook 6.0, can be easily
> compromised using this method.
>
>
> ======================================================================
>  How to Recreate
> ======================================================================
>
>  1. Create an mdb
>  2. Create a Table
>  3. Reopen the new mdb in exclusive mode
>  4. From the Tools Menu, select Security and then click Set Database
> Password
>  5. Set database password
>  6. Exit Access
>  7. Create another mdb
>  8. From the File Menu, select Get External Data, and click Link Tables....
> Select
>     the passworded mdb and then select the table you created.
>  9. Exit Access
> 10. Perform a strings+grep on the 2nd mdb to reveal the password.
>
>
> -   -  - ------------------------------------------------- - -- ---
>                                           ______ ______ .
>                                        .:_\___  \\_ .  \_::.
>    Donald Moore (MindRape)          . .::./ ./  // ./__/.:::. .
>                                         _<_____/<____  >_:.
>    Email: mindrapeat_private            .             \/  .
>            damagedat_private       Damaged Cybernetics
> -   -  - ------------------------------------------------- - -- ---
>

Next message: Taral: "Re: No Security is Bad Security:"
Previous message: Andrew J. Gavin: "NOBO denial of service"
Maybe in reply to: Donald Moore (MindRape): "Microsoft Access 97 Stores Database Password as Plaintext"
Next in thread: Ernie Souhrada: "Re: Microsoft Access 97 Stores Database Password as Plaintext"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:32:35 PDT