Sunday, February 25, 2007

Windows 2000 / XP / 2003 / Vista Information Leak

Impact: Any unprivileged user with LIST access to a parent directory can monitor any files in its child directories, regardless of the permissions on those subdirectories and files. Because Windows by default updates the access time of any accessed file on NTFS volumes, a user can gather information about NTFS-protected files: their names and the times at which they are accessed (reading, writing, creation, deletion, renaming, etc.). Filenames may contain sensitive information or leak information about a user's behavior (e.g. cookie files).

Read the article HERE.


