New free patch for Win95/98/ME users

Discussion in 'other security issues & news' started by Wayne - DiamondCS, Mar 11, 2002.

Thread Status:
Not open for further replies.
  1. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    New free patch for Win95/98/ME users to protect against WNetEnumCachedPasswords
     
    See http://www.diamondcs.com.au/web/patches/enhancer.php3?patch=passlock
    A demonstration of what the WNetEnumCachedPasswords API call can reveal, and a patch to prevent the revelations, are both available at the above URL.
    Called "PassLock", the download is just 41kb, and is freeware.

    Some excerpts:
    ---
    INTRODUCTION:
    Microsoft Windows installs with a file called MPR.DLL (MPR standing for Multiple Provider Route). While the functions of this DLL are generally very useful, there is one exported function that is not required and is of particular concern to the security-conscious. Existing only in Windows95/98/ME versions of mpr.dll, the name of this exported function is WNetEnumCachedPasswords. It is officially undocumented, but enough unofficial documentation has been created so that trojan authors can easily call this DLL from their own trojan - indeed, many popular trojans such as Sub7 have taken advantage of this API for a long time, and even the safe passdump.exe demo program that accompanies this patch uses this unofficial documentation to call the function. A google.com search at March 12 2002 for "WNetEnumCachedPaswords" found 316
    results.

    WHAT INFORMATION CAN WNETENUMCACHEDPASSWORDS REVEAL?
    This is often quite surprising the first time you see it. The passdump.exe program that comes with the patch safely demonstrates the power of this single API call by displaying all cached passwords. Passwords include modem/dialup passwords, URL passwords, share passwords and more. To find out
    what information can be obtained on your computer, simply run passdump.exe
    ---

    More information, including how the patch works, and what exactly gets patched is documented at the forementioned URL.

    Enjoy!

    Best,
    Wayne / www.DiamondCS.com.au
     
  2. Tiger_Barb

    Tiger_Barb Registered Member

    Joined:
    Feb 15, 2002
    Posts:
    61
    Wayne,

    This Win ME user says, Thanks for the info....

    T Barb
     
Loading...
Thread Status:
Not open for further replies.