Malicious User with Physical Access to a Computer Can Acquire Cached Domain Password

ID: Q168115

The information in this article applies to:
  • Microsoft Windows 98
  • Microsoft Windows 95
  • Microsoft Windows 95 OEM Service Release versions 1, 2, 2.1, 2.5
This information does not apply to Microsoft Windows 98 Second Edition.

SYMPTOMS

If your computer runs Windows 95 or Windows 98 for use as a network workstation, it may be possible for a malicious user to acquire your network password. This attack would require that the malicious user have physical access to your computer at some point after you log on to a server or domain, but before the machine had been rebooted. While a program can be used to read the cached password, doing so requires physical access to your computer when it is not protected by a screen saver password and you must be running the Microsoft Client for Microsoft Networks.


RESOLUTION

If you are running Windows 98:

The following file is available for download from the Microsoft Download Center. Click the file name below to download the file:

168115us8.exe
For more information about how to download files from the Microsoft Download Center, please visit the Download Center at the following Web address
http://www.microsoft.com/downloads/search.asp
and then click How to use the Microsoft Download Center.

If you are running Windows 95 or Windows 95 OEM Service Release versions 1, 2, 2.1, or 2.5:

The following file is available for download from the Microsoft Download Center. Click the file name below to download the file:
168115us5.exe
For more information about how to download files from the Microsoft Download Center, please visit the Download Center at the following Web address
http://www.microsoft.com/downloads/search.asp
and then click How to use the Microsoft Download Center.

File name Version Date Time Size Platform
Msnp32.dll 4.00.957 11/13/98 12:42am 67,584 bytes Windows 95
Msnp32.dll 4.10.2000 11/17/98 2:55am 67,584 bytes Windows 98



STATUS

Microsoft has confirmed this to be a problem in the Microsoft products listed at the beginning of this article.


MORE INFORMATION

For additional information about issues resolved by updates to these components, click the article numbers below to view the articles in the Microsoft Knowledge Base:

Q178824 Error Message: Your Password Is Too Short
Q175051 Windows 95 Roaming Profiles Do Not Work with Citrix WinFrame
Q176543 Windows 95 Client Is Unable to Receive Roaming Profiles
For additional information about Windows 95 updates, click the article number below to view the article in the Microsoft Knowledge Base:
Q161020 Implementing Windows 95 Updates
For related information on this problem, please visit the following Microsoft Web site:
http://www.microsoft.com/security/bulletins/ms99-052faq.asp
For additional security-related information about Microsoft products, please visit the following Microsoft Web site:
http://www.microsoft.com/security/

Additional query words: 98 95 Patch Available for "Legacy Credential Caching" Vulnerability

Keywords : kbenv win95 win98
Version : WINDOWS:95
Platform : WINDOWS
Issue type : kbprb


Last Reviewed: December 8, 1999
© 2000 Microsoft Corporation. All rights reserved. Terms of Use.