| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 24 May 2006 20:52:18 +0200 From: Ansgar -59cobalt- Wiechers <bugtraq@...netcobalt.net> To: bugtraq@...urityfocus.com Subject: Re: Default Screen Saver Vulnerability in Microsoft Windows On 2006-05-21 susam.pal@...il.com wrote: > -- Advisory Name -- > Default Screen Saver Vulnerability in Microsoft Windows [...] > [HKEY_USERS\.DEFAULT\Control Panel\Desktop] > "ScreenSaverIsSecure"="0" > "ScreenSaveTimeOut"="600" > "ScreenSaveActive"="1" > "SCRNSAVE.EXE"="logon.scr" > > It can be seen that the default time-out value is 600 seconds or 10 > minutes. > > An attacker can replace the default screen saver (logon.scr) with the > command prompt (cmd.exe) and reduce the time-out period in a system by > using a trojan or some other means. To be able to write to this registry key or to %SystemRoot%\system32 administrative or system privileges are required. Why do you believe this to be a vulnerability? > -- Prevention -- [...] > Deny everyone all permissions on the registry key, "My Computer\ > HKEY_USERS\.DEFAULT\Control Panel\Desktop". This will prevent any > malicious program, script or software from modifying the default > screen saver settings. No. Administrative and system privileges include the ability to take ownership and change the permissions back. You just can't protect a system from its admin. Regards Ansgar Wiechers -- "All vulnerabilities deserve a public fear period prior to patches becoming available." --Jason Coombs on Bugtraq
Powered by blists - more mailing lists