Passwords for Compressed Folders are Recoverable
A security vulnerability exists in the folder compression feature of Windows Me and Plus! 98 which could allow a user to retrieve the passwords by simple inspection of a log file.
Issue
Plus! 98, an optional package that extends Windows 98 and Windows 98 Second Edition, introduced a data compression feature called Compressed Folders that was also included in Windows Me. For interoperability with leading third-party compression tools, it provides a password protection option for folders that have been compressed. However, due to a flaw in the package’s implementation, the passwords used to protect the folders are recorded in a file on the user’s system. If an attacker gained access to an affected machine on which password-protected folders were stored, she could learn the passwords and access the files.
It is important to understand that, although this flaw does constitute a security vulnerability, the password protection feature is not intended to provide strong security. It was included in the products to enable interoperability with password-protection features in other third-party data compression products, and is only intended to provide protection against casual inspection. Customers who need strong protection for files should use Windows® 2000.
The patch will prevent passwords from being written to the user’s system in the future. However, after applying the patch, it is important to also delete c:\windows\dynazip.log, in order to ensure that all previously-recorded passwords are deleted.
Affected Products
- Microsoft Windows Me
Solution
A software patch for Plus! 98 can be downloaded from http://download.microsoft.com/download/win98/update/14715/w98/en-us/252694usa8.exe and the patch for Windows Me can be retrieved from http://download.microsoft.com/download/winme/update/14715/winme/en-us/252694usam.exe
Further Details
Source: Microsoft Corporation
Reference: Microsoft Corporation
Updated: April 4, 2001