Windows Bug Negates Passwords
Shared hard disks at risk
Windows 9x/Me Passwords Crackable In One Character
by Dave Murphy
ISSN 1535-3613
Microsoft Windows peer-to-peer networking users are at risk of their shares (hard drives, floppies, CD-ROMs, removable media) being made available to unauthorized users even when passwords have been assigned.
Who is affected?
Small businesses, departmental workgroups, home networks, and Internet users who have enabled file and printer sharing.
What’s the scope of the vulnerability?
This is a privacy compromise vulnerability. It could allow unauthorized access to a user's password-protected file share by someone using a malicious client utility who knows (or guesses) the first letter of the password assigned to the share.
What causes the vulnerability?
There is a flaw in the way the File and Print Sharing service implements password protection for a directory when that directory is shared over a network using share level access. The flaw could allow a malicious program to gain access to that share without knowing the complete password.
What would this vulnerability allow a malicious user to do?
If a malicious user could exploit this vulnerability, they would be able to retrieve, modify, or delete any file within that share.
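The behaviour described under "What causes the vulnerability?", where the first letter alone is enough, is what results when a check compares only as many bytes as the client supplied. The C model below is an added illustration, not Microsoft's code and not part of the original article; the comparison logic, the function names and the sample password are assumptions constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed flawed check: the compare length comes from the client, so any
 * non-empty prefix of the stored password is accepted. */
int check_flawed(const char *stored, size_t stored_len,
                 const char *supplied, size_t supplied_len)
{
    if (supplied_len == 0 || supplied_len > stored_len)
        return 0;
    return memcmp(stored, supplied, supplied_len) == 0;
}

/* Corrected check: lengths must match, then every byte is compared
 * without an early exit. */
int check_fixed(const char *stored, size_t stored_len,
                const char *supplied, size_t supplied_len)
{
    unsigned char diff = 0;
    size_t i;
    if (supplied_len != stored_len)
        return 0;
    for (i = 0; i < stored_len; i++)
        diff |= (unsigned char)(stored[i] ^ supplied[i]);
    return diff == 0;
}

typedef int (*check_fn)(const char *, size_t, const char *, size_t);

/* Regression helper: counts the proper prefixes of the password that the
 * check accepts. A sound check returns 0. */
size_t accepted_proper_prefixes(check_fn check, const char *password)
{
    size_t len = strlen(password), n, hits = 0;
    for (n = 1; n < len; n++)
        if (check(password, len, password, n))
            hits++;
    return hits;
}

int main(void)
{
    const char *pw = "SECRET";   /* constructed sample password */
    printf("flawed: %zu prefixes accepted\n", accepted_proper_prefixes(check_flawed, pw));
    printf("fixed:  %zu prefixes accepted\n", accepted_proper_prefixes(check_fixed, pw));
    return 0;
}
```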
Microsoft has released a patch that repairs the immediate bug; however, users should consider implementing a separate file and print server on which data files are stored, thereby freeing individual hard disks from the burden and additional overhead of sharing files.
I have installed Linux file/print servers in corporate networks for less than the cost of a standard workstation. Linux, like Novell NetWare, ensures secure file services with access rights grantable to both individuals and groups.
References
Microsoft Security Bulletin (MS00-072)
ITINFO is an electronic publication of Damar Group, Ltd., publisher of Training Express computer learning guides. Comments and submissions to info@dgl.com.
Previous issues are on our website at http://dgl.com/itinfo/.
updated November 2, 2000
http://dgl.com/itinfo/2000/it001102.html
Copyright © 2000, Damar Group, Ltd., All Rights Reserved