lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20030704214241.GA3818@SDF.LONESTAR.ORG>
Date: Fri, 4 Jul 2003 21:42:41 +0000
From: petard <petard@....lonestar.org>
To: Delfim Machado <bipbip@...o.org>
Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.netsys.com,
   product-security@...le.com, vulnwatch@...nwatch.org, vuln@...urity.nnov.ru,
   bugs@...uritytracker.com, phiber@...bernet.org
Subject: Re: MacOSX - crash screensaver locked with password and get the desktop back


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> how? - you ask.
> i don't know the exact amount of characters, only that if you leave a
> key pressed for 5 minutes or more and then hit the enter key, you crash
> the screensaver and gain access to the desktop.
> you can mess the desktop and all around it (network, mail, docs,
> anything you can imagine).

it's much easier than that to reproduce; with the right combination of
cut and paste (think emacs key bindings) you can overfill  the field and
get through in just a few seconds :-). on one of the machines here
(version 10.2.6 for those who care) it took 10 - 15 seconds in most
cases.

hopefully no one considered the screensaver to be much protection...

regards,
petard

- --
"Increasingly, people seem to misinterpret complexity as sophistication,
which is baffling - the incomprehensible should cause suspicion rather
than admiration."
    -- Niklaus Wirth
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (NetBSD)

iD8DBQE/BfS8gkiZ59A0kiQRAnDWAKCBZ488UiCiuBHCPw3rppKfyWe0JACfTjM/
ZfkH/3Pe+Eb8XCiydw5j+Qk=
=sJay
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ