24 june 2002 ------------ Username, password + free phone number for microsoft (distributed with IE 5 + 6) ------------------------------------------------------------------------ -------- Discovered By: Big poop rootat_private Untested: IE 4 Mac versions of IE Vulnerable Files ---------------- icwip.dun, icwx25a.dun, icwx25b.dun, icwx25c.dun The above files contain a username and password stored in plaintext for microsoft.com (found 19/june/2002) phone.icw - contains numerous free phone numbers for above user name and password Other vulnerable files not installed but sometimes downloaded from ISP' s ------------------------------------------------------------------------ *.isp / *.ins - The internet communication setting file also stores user name and passwords in plain text (well known fact, i'm probably not the first to notice this) Details ------- When a user wishes to access the internet but doesn't have a specific ISP in mind a user a can use microsofts connection wizzard to download a list of ISPs. This wizzard dials to a free phone number stored in phone.icw and then uses one of the icw*.dun files to authenicate itself to the network (depending on where in the world you are depends on which icw*.dun dile is used) Under normal circumstances the connection wizzard connects to ispreferals.microsoft.com (207.46.152.15) and downloads a list of local ISP's via series of cab files stored in various 4 letter directories on the server. The username stored in the icw*.dun file is "icw5at_private" and the password is "icw5". One of the dial up servers connected to was tnt59.lnd1.uk.uudial.net. As you can see this is not a microsoft machine but it does allow you to access various microsoft machines. (If you are in the UK you connect to the science park in Cambridge, one of Microsofts research centers). Recommendations --------------- Store passwords in an encrypted form -- Big Poop rootat_private
This archive was generated by hypermail 2b30 : Tue Jul 09 2002 - 10:15:03 PDT