[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Re: Nortel VPN Client Issue: Clear-text password stored in memory

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Re: Nortel VPN Client Issue: Clear-text password stored in memory
From: Burak DAYIOGLU <dayioglu@xxxxxxxxxxx>
Date: Tue, 22 Mar 2005 23:34:22 +0200

Roy, I read your advisory regarding the Norvel VPN client. If I am not mistaken, the authentication keys are stored in the registry hive HKEY_CURRENT_USER (per user key stores).

If it is so, you should start the VPN client as the victim user to attack the process memory image (or else you have to be administrator).

Am I missing something?

regards,
-bd
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] Adobe Acrobat Default Behavior Ignores Systems Defaults
Next by Date: [Full-disclosure] Re: [ISN] How To Save The Internet
Previous by thread: [Full-disclosure] Adobe Acrobat Default Behavior Ignores Systems Defaults
Next by thread: [Full-disclosure] root-equivalent groups
Index(es):
- Date
- Thread