Weak Encryption Vulnerability in Windows 95 Password Storage
CVE-1999-1104

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows 95
Vendor: CVE Published:; 31 December 1999

What is CVE-1999-1104?

Windows 95 employs a weak encryption method for its password list (.pwl) file, which is utilized when password caching is active. This vulnerability allows local users to exploit the encryption weakness and gain unauthorized access to stored passwords by decrypting them, potentially leading to privilege escalation.

References

http://marc.info/?l=bugtraq&m=88536273725787&w=2

mailing-listx_refsource_BUGTRAQ

http://www.iss.net/security_center/static/71.php

vdb-entryx_refsource_XF

http://support.microsoft.com/support/kb/articles/q140/5/5...

vendor-advisoryx_refsource_MSKB

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Aug 31, 2001
Vulnerability published
Dec 31, 1999

Microsoft

What is CVE-1999-1104?

References

Timeline