1996-01-18 - Re: A WfW security curiosity (possibly another security hole)
Header Data
From: Don Gaffney <gaffney@emba.uvm.edu>
To: pgut01@cs.auckland.ac.nz
Message Hash: 90e132016470b415315df7960b9ebe2a80e093e134cf8ec5c5b488e6695b25a2
Message ID: <Pine.3.89.9601180955.G9122-0100000@griffin.emba.uvm.edu>
Reply To: <199601180314.QAA19064@cs26.cs.auckland.ac.nz>
UTC Datetime: 1996-01-18 14:36:28 UTC
Raw Date: Thu, 18 Jan 96 06:36:28 PST
Raw message
From: Don Gaffney <gaffney@emba.uvm.edu>
Date: Thu, 18 Jan 96 06:36:28 PST
To: pgut01@cs.auckland.ac.nz
Subject: Re: A WfW security curiosity (possibly another security hole)
In-Reply-To: <199601180314.QAA19064@cs26.cs.auckland.ac.nz>
Message-ID: <Pine.3.89.9601180955.G9122-0100000@griffin.emba.uvm.edu>
MIME-Version: 1.0
Content-Type: text/plain
On Thu, 18 Jan 1996 pgut01@cs.auckland.ac.nz wrote:
> When WfW is installed, it creates a file in the Windows directory called
> WFWSYS.CFG. This is a standard Windows password file and may be decrypted with
> the password "23skidoo" (note that this is lowercase, since it's passed to the
> .PWL-handling code at a level which bypasses the usual password case smashing.
> The mangled 32-bit form which is passed to the RC4 key setup routine is { 0x67,
> 0x6F, 0xE3, 0x81 }).
>
> WFWSYS.CFG seems to be mostly identical for the few copies I could get to, and
> WfW networking won't work without it. Decrypting the file doesn't seem to give
> anything useful, the string "SYSTEM" and what looks like a few 8 or 16-numbers.
> I don't know enough about how WfW networking works, but my (very vague) guess
> is that it contains some sort of cookie to uniquely ID each machine for
> resource sharing over a network. If it does then it it's (yet another) pretty
> serious security hole, since it's encrypted with a fixed password and seems to
> be mostly identical over multiple machines. OTOH it may be something to do
> with serial numbers so you can't install the same copy of WfW on multiple
> machines on a LAN.
>
> Can anyone shed more light on it?
>
> Peter.
>
>
This is the file used by admincfg.exe (on WFW3.11 disk 8). This file
contains "security" settings, such as whether or not to cache passwords
on disk (*.PWL files).
There is no feature in WFW to prevent use of one copy on multiple
machines on a lan.
In terms of security, yes, the whole of Windows Networking is a bad joke.
(An interesting aside, it is possible to get a WfW "security" error
on start-up by having subst drives - weird, eh?)
_____________________________________________________________________
Don Gaffney
Engineering, Mathematics & Business Administration Computer Facility
University of Vermont
237 Votey Building
Burlington, VT 05405
(802) 656-8490
Fax: (802) 656-8802
Thread
Return to January 1996
- Return to “Don Gaffney <gaffney@emba.uvm.edu>”
Return to “pgut01@cs.auckland.ac.nz”
- 1996-01-18 (Wed, 17 Jan 96 19:15:22 PST) - A WfW security curiosity (possibly another security hole) - pgut01@cs.auckland.ac.nz
- 1996-01-18 (Thu, 18 Jan 96 06:36:28 PST) - Re: A WfW security curiosity (possibly another security hole) - Don Gaffney <gaffney@emba.uvm.edu>