[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ntbugtraq
Subject:    Re: win2k PPP dialup scripting bug?
From:       Steven Stern <steven.stern () GSB ! UCHICAGO ! EDU>
Date:       2000-08-17 19:59:02
[Download RAW message or body]

This was discussed in the WUGNET Windows NT forum
(http://go.compuserve.com/windowsnt?LOC=US&ACCESS=PUBLIC)   right after W2K
came out.  IF the remote side uses PAP/CHAP, W2K will handle the password
correctly. IF, however, the login sequence is scripted, the saved password
is always returned as 9 asterisks.

Why?

Microsoft said this was not a bug.  They said that returning a password to
a script violated their security model.  Apparently the process that
handles the script is not a trusted process and thus should not be trusted
with a password.

At 07:51 AM 8/16/2000 -0500, you wrote:
>we seem to be having problems with win2k PPP dialup scripting when the
>"save password" box is checked. if the script uses the $PASSWORD
>variable to pass the password during the login to the terminal server
>(in the original sense of the word), it works the first time, but fails
>thereafter.


----------------
Steven D. Stern
GSB Computing Services
http://gsbwww.uchicago.edu/computing

----------------------------------------------------------------------------
Delivery co-sponsored by VeriSign - The Internet Trust Company
============================================================================
Upgrade your server security to 128-bit SSL encryption!

Get VeriSign's FREE guide, "Securing Your Web Site for Business." You will
learn everything you need to know about using 128-bit SSL to encrypt your
e-commerce transactions for serious online security. Click here!
http://www.verisign.com/cgi-bin/go.cgi?a=n046607800016000
----------------------------------------------------------------------------

[prev in list] [next in list] [prev in thread] [next in thread]