Passwords for Compressed Folders are Recoverable
A security vulnerability exists in the folder compression feature of Windows Me and Plus 98! which could allow a user to retrieve the passwords by simple inspection of a log file.
Plus! 98, an optional package that extends Windows 98 and Windows 98 Second Edition, introduced a data compression feature called Compressed Folders that was also included in Windows Me. For interoperability with leading third-party compression tools, it provides a password protection option for folders that have been compressed. However, due to a flaw in the package’s implementation, the passwords used to protect the folders are recorded in a file on the user’s system. If an attacker gained access to an affected machine on which password-protected folders were stored, she could learn the passwords and access the files.
It is important to understand that, although this flaw does constitute a security vulnerability, the password protection feature is not intended to provide strong security. It was included in the products to enable interoperability with password-protection features in other third-party data compression products, and is only intended to provide protection against casual inspection. Customers who need strong protection for files should use Windows® 2000.
The patch will prevent passwords from being written to the user’s system in the future. However, after applying the patch, it is important to also delete c:\windows\dynazip.log, in order to ensure that all previously-recorded passwords are deleted.
- Microsoft Windows Me
A software patch for Plus 98! can be downloaded from http://download.microsoft.com/download/win98/update/14715/w98/en-us/252694usa8.exe and the patch for Windows Me can be retrieved from http://download.microsoft.com/download/winme/update/14715/winme/en-us/252694usam.exe
Source: Microsoft Corporation
Reference: Microsoft Corporation
Updated: April 4, 2001
>> Recommended Download - secure your PC from spyware, adware and malware now with Spyware Doctor <<
|More Guides »||Registry Guide||Support Forums||Software Guide||Scripting Guide||Search|