source: https://www.securityfocus.com/bid/1780/info
Share level password protection for the File and Print Sharing service in Windows 95/98/ME can be bypassed.
Share level access provides peer-to-peer networking capabilities in the Windows 9x/ME environment. It depends on password protection to grant or deny access to resources. Due to a flaw in the implementation of File and Print Sharing security, a remote intruder could access share level protected resources without entering a complete password by programmatically modifying the data length of the password.
The flaw lies in the NetBIOS implementation of the password verification scheme that share level access uses.
The password length is compared to the length of data sent during the password verification process. If the password length was programmatically set to 1 byte, then only the first byte would be verified. If a remote attacker was able to correctly guess the value of the first byte of the password on the target machine, access would be granted to the share level protected resource.
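The length handling described above can be modelled in a few lines of C. This is an added example, not code from the advisory or from Windows: the function names, the sample password and the simplified comparison are assumptions, shown as a flawed check beside a hardened one that treats the stored length as authoritative.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef int (*verify_fn)(const unsigned char *, size_t,
                         const unsigned char *, size_t);

/* Constructed sample share password; not taken from any real system. */
static const unsigned char sample_pw[] = "SECRET7";
#define SAMPLE_LEN (sizeof sample_pw - 1)

/* Flawed model: the client-supplied length decides how many bytes are compared. */
int verify_flawed(const unsigned char *stored, size_t stored_len,
                  const unsigned char *supplied, size_t supplied_len)
{
    if (supplied_len > stored_len)
        return 0;
    return memcmp(stored, supplied, supplied_len) == 0;
}

/* Hardened model: the stored length is authoritative and every byte is checked
   without an early exit. */
int verify_fixed(const unsigned char *stored, size_t stored_len,
                 const unsigned char *supplied, size_t supplied_len)
{
    unsigned char diff = 0;
    size_t i;
    if (supplied_len != stored_len)
        return 0;
    for (i = 0; i < stored_len; i++)
        diff |= (unsigned char)(stored[i] ^ supplied[i]);
    return diff == 0;
}

/* Counts how many of the 256 possible one-byte submissions a check accepts. */
int one_byte_accepts(verify_fn check)
{
    int value, hits = 0;
    for (value = 0; value < 256; value++) {
        unsigned char guess = (unsigned char)value;
        hits += check(sample_pw, SAMPLE_LEN, &guess, 1);
    }
    return hits;
}

int main(void)
{
    printf("flawed: %d of 256 accepted\n", one_byte_accepts(verify_flawed));
    printf("fixed:  %d of 256 accepted\n", one_byte_accepts(verify_fixed));
    return 0;
}
```

With the flawed model the effective strength of any password is a single byte, regardless of how long the stored password is; the hardened model rejects every submission whose length differs from the stored one.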
Windows 9x remote administration is also affected by this vulnerability because it uses the same authentication scheme.
Successful exploitation of this vulnerability could lead to the retrieval, modification, addition, and deletion of files residing on a file or print share.
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/20283.zip