Microsoft Money Subject to Local Password Attack

 

Reported August 28, 2000 by
Ken

VERSIONS AFFECTED
  • Microsoft Money 2000
  • Microsoft Money 2001

DESCRIPTION

The password protection scheme in Money can be locally exploited under certain condition where the password may be written to file in plain text format.

VENDOR RESPONSE

Microsoft is aware of the problem and issued FAQ #FQ00-61, a Support Online article Q272232, and a patch to correct this matter. Microsoft's bulletin states that the patch is available for automatic download using the "Update Internet Information" feature in Money as follows:

1. On the Tools menu, click Update Internet Information.
2. Follow the instructions on the screen to install the patch.
3. Microsoft recommends users change their password after applying t
his fix as a best practice.

CREDIT

Discovered by Ken
TAGS: Security
Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish