Tiny personal firewall permits bypass when accessing console, even if locked
1st Mar 2002 [SBWID-5157]

	Andrew Barkley reported the following about Tiny Personal Firewall:

	The popup alert/dialogue jumps to the foreground, and is thus open to
	accept permit/deny input from the local console, even when the
	workstation is locked (Ctrl+Alt+Del). Thus an untrusted individual who
	has local access to individuals' workstations can scan a
	workstation/network, wait for the popup alert dialogue and enter
	"permit" on unattended (locked) workstations without the owner's
	permission/knowledge, with no need to first unlock (Ctrl+Alt+Del).

	Update (6 March 2002)



	elfs added:

	If we take a look at the WinAPI help for, e.g., MessageBox, we see that
	it has a flag (Windows NT only) called MB_SERVICE_NOTIFICATION:

	(..) The caller is a service notifying the user of an event. The
	function displays a message box on the current active desktop, even if
	there is no user logged on to the computer (..)

	So we can write a small test program:


	---[ test.c ]---

	#include <windows.h>

	int main(void)
	{
	  Sleep(3000);                      // Pause, to give you time to lock
	                                    // the computer
	  MessageBox(
	    NULL,                           // HWND, should be NULL
	    "Who cares if we are locked?",  // Messagebox text
	    "Test",                         // Messagebox caption
	    MB_OK | MB_SERVICE_NOTIFICATION // Show on the active desktop, even
	  );                                // while locked / nobody logged on
	  return 0;
	}

	and this gives almost any application a chance to communicate with the
	user on WinNT, even if the computer is locked.


	Tom Geldner suggests:

	Unchecking "Ask for action when no rule is found" on the Advanced tab
	will effectively stop the popups. You can also force TPF to require a
	password for any activity.
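As an added example (not part of the advisory and not Tiny Personal Firewall's own code), here is the check that a permit/deny prompt should make before it trusts input from the console, drawing on both elfs's explanation of MB_SERVICE_NOTIFICATION and Tom Geldner's advice to stop prompting. It relies on NT-family behaviour: locking the workstation switches the input desktop from the user's "Default" desktop to the "Winlogon" secure desktop, which an ordinary process cannot open. The decision logic is kept platform-independent; the function names prompt_allowed, current_input_desktop and decide_without_user are this example's own, and only the Windows build actually queries the desktop.

```c
/* Added example, not from the advisory and not Tiny Personal Firewall's code:
 * a permit/deny prompt that fails closed while the console is locked.
 * Function names (prompt_allowed, current_input_desktop, decide_without_user)
 * are this example's own. */
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Decision logic, platform-independent so it can be tested anywhere.
 * desktop_name: name of the desktop that currently receives input, or NULL
 * when it could not be determined. Only the user's interactive desktop,
 * "Default" on the NT family, may show a prompt; anything else (the
 * "Winlogon" secure desktop used while locked, "Screen-saver", unknown)
 * is treated as "no trusted user present". Returns 1 if a prompt may be
 * shown, 0 otherwise. */
int prompt_allowed(const char *desktop_name)
{
    static const char expected[] = "default";
    size_t i;

    if (desktop_name == NULL)                       /* unknown: fail closed */
        return 0;
    if (strlen(desktop_name) != sizeof(expected) - 1)
        return 0;
    for (i = 0; expected[i] != '\0'; i++)           /* case-insensitive compare */
        if (tolower((unsigned char)desktop_name[i]) != expected[i])
            return 0;
    return 1;
}

/* Verdict used when no prompt can be shown: deny (0), never permit (1), so
 * an unattended console cannot be used to approve a connection. */
int decide_without_user(void)
{
    return 0;
}

#ifdef _WIN32
#include <windows.h>

/* Copy the name of the current input desktop into buf. Returns 0 when the
 * desktop cannot be opened, which is the normal result while the
 * workstation is locked: the Winlogon desktop's ACL does not admit an
 * ordinary user-mode process. */
int current_input_desktop(char *buf, DWORD buflen)
{
    HDESK desk = OpenInputDesktop(0, FALSE, GENERIC_READ);
    DWORD needed = 0;
    int ok;

    if (desk == NULL)
        return 0;
    ok = GetUserObjectInformationA(desk, UOI_NAME, buf, buflen, &needed) != 0;
    CloseDesktop(desk);
    return ok;
}
#endif

int main(void)
{
#ifdef _WIN32
    char name[64];
    int have_name;

    Sleep(3000);                 /* time to lock the workstation, as in test.c */
    have_name = current_input_desktop(name, sizeof name);

    if (prompt_allowed(have_name ? name : NULL)) {
        /* Ordinary message box, no MB_SERVICE_NOTIFICATION: it is shown only
         * on the user's own desktop. */
        int r = MessageBoxA(NULL, "Allow this connection?", "Firewall",
                            MB_YESNO | MB_ICONQUESTION | MB_SETFOREGROUND);
        printf("user chose: %s\n", r == IDYES ? "permit" : "deny");
    } else {
        printf("console locked or unavailable: auto-%s\n",
               decide_without_user() ? "permit" : "deny");
    }
#else
    /* Non-Windows build: exercise the decision logic only. */
    printf("Default -> %d, Winlogon -> %d, unknown -> %d\n",
           prompt_allowed("Default"), prompt_allowed("Winlogon"),
           prompt_allowed(NULL));
#endif
    return 0;
}
```

The desktop check is made immediately before the prompt, but the user can still lock the workstation between the check and the click, so it narrows the window rather than closing it; the robust configuration is the one Tom Geldner gives, denying when no rule matches instead of prompting, or requiring a password for any action.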

