DOCUMENT:Q164644 13-JUN-2001 [sna] TITLE :Clear Text Passwords Could Be Left in SNAP Buffers PRODUCT :Microsoft SNA Server PROD/VER:WINDOWS:3.0 OPER/SYS: KEYWORDS: ====================================================================== ------------------------------------------------------------------------------- The information in this article applies to: - Microsoft SNA Server, version 3.0 ------------------------------------------------------------------------------- SYMPTOMS ======== Even after enabling SNA Server 3.0 client encryption, some SNA Server Windows 95 client logon information may inadvertently appear in clear- text, viewable to a network monitor. CAUSE ===== A buffer carrying SNA Server Windows 95 client logon information is not being cleared before being used for subsequent SNA Server client-server messages. This may cause a subsequent message to inadvertently include client logon information. RESOLUTION ========== To resolve this problem, obtain the hotfix mentioned below. The updated module is: \System\Snakrnl.dll STATUS ====== Microsoft has confirmed this to be a problem in SNA Server version 3.0. This problem was corrected in the latest Microsoft SNA Server 3.0 U.S. Service Pack. For information on obtaining the service pack, query on the following word in the Microsoft Knowledge Base (without the spaces): S E R V P A C K Additional query words: prodsna sna30 snaencrypt ====================================================================== Keywords : Technology : kbAudDeveloper kbSNAServSearch kbSNAServ300 Version : WINDOWS:3.0 Issue type : kbbug Solution Type : kbfix ============================================================================= THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. Copyright Microsoft Corporation 2001.