Password Hole Found In Webshots

From: Brian Carpenter (brian.carpenterat_private)
Date: Thu Dec 12 2002 - 10:33:21 PST


    	I have discovered a hole in the Webshots screensaver program. On either
    a Win2K or XP machine that has it installed, you can bypass the password
    on the screen saver by pressing Ctrl+Alt+Del, which brings up the Windows
    box that contains logout, lock computer, shutdown, etc. Then you hit
    cancel and boom, you are at the desktop with all the permissions the
    previous user had. If you have the Windows password locking the screen saver,
    you are able to press Ctrl+Alt+Del and then go to Task Manager and end the
    screen saver, thus bringing you back to the desktop.
    
    	This works with both the Webshots password setup and the Windows password
    setup on the computer. As long as Webshots is used, the hole is there.
    
    
    	
    


