BugTraq
Password Hole Found In Webshots Dec 12 2002 06:33PM
Brian Carpenter (brian carpenter wosc edu) (1 replies)
Re: Password Hole Found In Webshots Dec 12 2002 10:50PM
Ian Nguyen (inguyen netspace net au)
Confirmed. As it is, I don't think Webshots offers much in the way of
securing a user's desktop even though it has the password protection
feature. But it is just that, a screensaver, which just display pretty
images.

I think what Brian is trying to say here is if you want to lock your
desktop, use Windows' Ctrl+Alt+Del function instead.

Ian

----- Original Message -----
From: "Brian Carpenter" <brian.carpenter (at) wosc (dot) edu [email concealed]>
To: <bugtraq (at) securityfocus (dot) com [email concealed]>
Sent: Friday, December 13, 2002 5:33 AM
Subject: Password Hole Found In Webshots

> I have descovered a hole in the webshots screensave program. On either
> a Win2K or xp machine that has it installed you can bypass the password
> on the screen saver by pressing Ctrl+Alt+Del wich brings up the Windows
> box that contains logout lockcomputer shutdown ect: Then you will hit
> cancel and boom you are at the desktop with all the permisions the
> previous user had. If you have windows password locking the screen saver
> you are able to Ctrl+Alt+Del and then go to taskmanger and end the
> screen saver thus bringing you back to the desktop.
>
> This works with both webshots password set up and the windows password
> setup on the computer. As long as webshots is used the hole is there.
>
>
>
>
>

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus