1996-01-18 - Re: A WfW security curiosity (possibly another security hole)

Header Data

From: pgut01@cs.auckland.ac.nz
To: gaffney@emba.uvm.edu
Message Hash: 0316b414a0d6356ce3bcfa18b75e06c7e7c0965ef737cbc5d0773f9d1804890b
Message ID: <199601181518.EAA17585@cs26.cs.auckland.ac.nz>
Reply To: N/A
UTC Datetime: 1996-01-18 15:19:02 UTC
Raw Date: Thu, 18 Jan 96 07:19:02 PST

Raw message

From: pgut01@cs.auckland.ac.nz
Date: Thu, 18 Jan 96 07:19:02 PST
To: gaffney@emba.uvm.edu
Subject: Re: A WfW security curiosity (possibly another security hole)
Message-ID: <199601181518.EAA17585@cs26.cs.auckland.ac.nz>
MIME-Version: 1.0
Content-Type: text/plain


>>[WFWSYS.CFG file]
>
>This is the file used by admincfg.exe (on WFW3.11 disk 8). This file
>contains "security" settings, such as whether or not to cache passwords
>on disk (*.PWL files). 
 
Ahh, so you can silently reenable password cacheing by manipulating this 
file, thereby defeating Microsoft's "turn off password cacheing" kludge.  
Wonderful.  I'll have a poke around on Monday to figure out what bits to
flip and post the results here.
 
Thanks for the info...
 
Peter.





Thread