lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20040108105605.8267.qmail@sf-www3-symnsj.securityfocus.com>
Date: 8 Jan 2004 10:56:05 -0000
From: Vladimir Katalov <vkatalov@...omsoft.com>
To: bugtraq@...urityfocus.com
Subject: Re: Microsoft Word Protection Bypass


In-Reply-To: <OF60A8C9AA.4F52F3E5-ON00256E0F.003B08BA-C1256E0F.003B9AEC@...alhost>

>To: bugtraq@...urityfocus.com
>Cc: "Microsoft Security Response Center" <secure@...rosoft.com>
>Subject: Microsoft Word Protection Bypass
>From: Thorsten Delbrouck-Konetzko <Thorsten.Delbrouck@...rdeonic.com>
>Date: Fri, 2 Jan 2004 10:51:03 +0000
>Content-Type: multipart/mixed; boundary="=_mixed 003B9AC4C1256E0F_="
>
>Microsoft Word provides an option to protect "forms" by password. This is 
>used to ensure that unauthorized users cannot manipulate the contents of 
>documents except within specially designed "form" areas. This feature is 
>also often used to protect documents which do not even have form areas 
>(quotations/offers etc.).
>
>This form protection can easily be removed without any additional tools 
>(apart from a hex-editor).
>
>Please find the full advisory attached.

Actually, we have reported about this problem almost three years ago at "Black Hat Windows Security 2001" conference (Las Vegas, Feb'2001), see:

http://www.blackhat.com/html/bh-multi-media-archives.html#Windows%20Security%202001

Here is the presentation ("Analysis of Microsoft Office Password Protection System, and Survey of Encryption Holes In Other MS Windows Applications") in PowerPoint format:

http://www.blackhat.com/presentations/win-usa-01/Malyshev/bh-win-01-malyshev.ppt

And streaming video:
rtsp://media-1.datamerica.com/blackhat/bh-usa-win-01/video/bh-usa-win-01-andrey-malyshev-video.rm

Microsoft, of course, was aware. There is an article published in Microsoft TechNet:

Ask Us About... Security, March 2001
http://www.microsoft.com/technet/columns/security/askus/auas0301.asp

Quote from there:

"Recovering Office passwords
Q: I'm creating a document using Microsoft Word that may potentially contain sensitive information. I note that Word has a password protection feature (under Tools/Protect Document). How strong is the security surrounding this feature? 
A: I get a lot of mail asking about the strength of passwords for Office documents. As was demonstrated in an analysis of the Microsoft Office password protection system presented by ElcomSoft at Black Hat (see above), the password-protection features of these programs were not designed to be invincible. [...]"

You may also want to have a look at our software that can recover or remove this password, among many other ones:

Advanced Office XP Password Recovery
http://www.elcomsoft.com/aoxppr.html

-- 
Sincerely yours,
  Vladimir

Vladimir Katalov
Managing Director
ElcomSoft Co.Ltd.
Member of Association of Shareware Professionals (ASP)
Member of Russian Cryptology Association
mailto:vkatalov@...omsoft.com
http://www.elcomsoft.com


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ