Vulnerabilities > CVE-2001-0152 - Unspecified vulnerability in Microsoft Plus
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
The password protection option for the Compressed Folders feature in Plus! for Windows 98 and Windows Me writes password information to a file, which allows local users to recover the passwords and read the compressed folders.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Metasploit
description | This module extracts clear text credentials from dynazip.log. The log file contains passwords used to encrypt compressed zip files in Microsoft Plus! 98 and Windows Me. |
id | MSF:POST/WINDOWS/GATHER/CREDENTIALS/DYNAZIP_LOG |
last seen | 2020-04-11 |
modified | 2019-01-10 |
published | 2017-02-22 |
references | |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/post/windows/gather/credentials/dynazip_log.rb |
title | Windows Gather DynaZIP Saved Password Extraction |