Malicious user with physical access to a computer can acquire cached domain password (168115)


The information in this article applies to:

  • Microsoft Windows 98
  • Microsoft Windows 95
  • Microsoft Windows 95 OEM Service Release 2.1
  • Microsoft Windows 95 OEM Service Release 2.5
This article was previously published under Q168115
This information does not apply to Microsoft Windows 98 Second Edition.

SYMPTOMS

If your computer runs Windows 95 or Windows 98 for use as a network workstation, it may be possible for a malicious user to acquire your network password. This attack would require that the malicious user have physical access to your computer at some point after you log on to a server or domain, but before the machine had been rebooted. While a program can be used to read the cached password, doing so requires physical access to your computer when it is not protected by a screen saver password and you must be running the Microsoft Client for Microsoft Networks.

RESOLUTION

If you are running Windows 98:

The following file is available for download from the Microsoft Download Center:

Download 168115us8.exe now

For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How to obtain Microsoft support files from online services

Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.

If you are running Windows 95 or Windows 95 OEM Service Release versions 1, 2, 2.1, or 2.5:

The following file is available for download from the Microsoft Download Center:

Download 168115us5.exe now

For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How to obtain Microsoft support files from online services

Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.
File nameVersionDateTimeSizePlatform
Msnp32.dll4.00.95711/13/9812:42am67,584 bytesWindows 95
Msnp32.dll4.10.200011/17/982:55am67,584 bytesWindows 98

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

MORE INFORMATION

For more information about issues resolved by updates to thesecomponents, click the following article numbers to view the articles in the Microsoft Knowledge Base:

178824 Error message: Your password is too short

175051 Windows 95 roaming profiles do not work

176543 Windows 95 client is unable to receive roaming profiles

For more information about Windows 95 updates, click the following article number to view the article in the Microsoft Knowledge Base:

161020 Implementing Windows 95 updates

For related information on this problem, please visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/Bulletin/MS99-052.mspx

For additional security-related information about Microsoft products, please visit the following Microsoft Web site:

http://www.microsoft.com/security/

For more information about Windows 98 and Windows 98 Second Edition hotfixes, click the following article number to view the article in the Microsoft Knowledge Base:

206071 General information about Windows 98 and Windows 98 Second Edition hotfixes

Modification Type:MinorLast Reviewed:7/6/2006
Keywords:kbHotfixServer kbQFE kbdownload kbenv kbgraphxlinkcritical kbprb KB168115
©2004 Microsoft Corporation. All rights reserved.