From Webshots (confirmed): -----Original Message----- From: supportat_private [SMTP:supportat_private] Sent: Wednesday, December 18, 2002 9:33 AM To: Shutters, Mike Subject: Re: Password Hole Found In Webshots [T200212130039] Hello Mike, Thank you for contacting Webshots! Unfortunately the password protection feature within our software is not very reliable, our engineers are working on improving this feature for our software. We suggest that you use the password protection within your operating system. I apologize for the inconvenience. Sincerely, Belynda ______________________________________________ Customer Support Representative, www.webshots.com Please include all prior messages in any responses > -----Original Message----- > From: Brian Carpenter [SMTP:brian.carpenterat_private] > Sent: Thursday, December 12, 2002 10:33 AM > To: bugtraqat_private > Subject: Password Hole Found In Webshots > > I have descovered a hole in the webshots screensave program. On > either > a Win2K or xp machine that has it installed you can bypass the password > on the screen saver by pressing Ctrl+Alt+Del wich brings up the Windows > box that contains logout lockcomputer shutdown ect: Then you will hit > cancel and boom you are at the desktop with all the permisions the > previous user had. If you have windows password locking the screen saver > you are able to Ctrl+Alt+Del and then go to taskmanger and end the > screen saver thus bringing you back to the desktop. > > This works with both webshots password set up and the windows > password > setup on the computer. As long as webshots is used the hole is there.
This archive was generated by hypermail 2b30 : Thu Dec 19 2002 - 19:21:25 PST