New free patch for Win95/98/ME users

Discussion in 'other security issues & news' started by Wayne - DiamondCS, Mar 11, 2002.

Thread Status:
Not open for further replies.
  1. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Jul 19, 2002
    Perth, Oz
    New free patch for Win95/98/ME users to protect against WNetEnumCachedPasswords
    A demonstration of what the WNetEnumCachedPasswords API call can reveal, and a patch to prevent the revelations, are both available at the above URL.
    Called "PassLock", the download is just 41kb, and is freeware.

    Some excerpts:
    Microsoft Windows installs with a file called MPR.DLL (MPR standing for Multiple Provider Route). While the functions of this DLL are generally very useful, there is one exported function that is not required and is of particular concern to the security-conscious. Existing only in Windows95/98/ME versions of mpr.dll, the name of this exported function is WNetEnumCachedPasswords. It is officially undocumented, but enough unofficial documentation has been created so that trojan authors can easily call this DLL from their own trojan - indeed, many popular trojans such as Sub7 have taken advantage of this API for a long time, and even the safe passdump.exe demo program that accompanies this patch uses this unofficial documentation to call the function. A search at March 12 2002 for "WNetEnumCachedPaswords" found 316

    This is often quite surprising the first time you see it. The passdump.exe program that comes with the patch safely demonstrates the power of this single API call by displaying all cached passwords. Passwords include modem/dialup passwords, URL passwords, share passwords and more. To find out what information can be obtained on your computer, simply run passdump.exe.

    More information, including how the patch works and what exactly gets patched, is documented at the aforementioned URL.


    Wayne /
  2. Tiger_Barb

    Tiger_Barb Registered Member

    Feb 15, 2002

    This Win ME user says, Thanks for the info....

    T Barb