Windows 9x introduced a nifty little concept wherein users could host a password-protected mini file server, aka a share, on their PCs. The idea was simple: Allow users of networked computers to host and share files securely. Only the padlock Microsoft used to lock the door came equipped with a gaping hole that rendered it useless.
"When processing authentication requests for a NetBIOS share, Windows 95/98 would look at the length of the password sent by the attacker and then only compare that number of bytes to the real password," writes vulnerability expert H.D. Moore, who manages the Metasploit Framework project.
Oops. "This let the attack specify a password of zero bytes and gain access to the share," without actually knowing the password at all, Moore explains.
"The real damage," he continues, "was that by trying all characters of incrementing lengths, they could literally obtain the password for share from the server."
Worst Windows bugs of the last 10 years
Posted on Sunday, October 12 2008 @ 15:42 CEST by Thomas De Maesschalck