Windows Me Exposed Passwords in Compressed Files Vulnerability Patch

Published by
Published on
Windows Me contains a data-compression feature called Compressed Folders. For interoperability with leading third-party compression tools, it provides a password-protection option for folders that have been compressed. However, due to a flaw in the package's implementation, the passwords used to protect the folders are recorded in a file on the user's system. If an attacker gained access to an affected machine on which password-protected folders were stored, she could learn the passwords and access the files.The patch will prevent passwords from being written to the user's system in the future. However, as discussed in the FAQ, after applying the patch, it is important to also delete c:windowsdynazip.log to ensure that all previously-recorded passwords are deleted.
License Free
File Size 206.65 kB
Version MS01-019 (3/28/01)
Operating System Windows Me Windows
System Requirements Windows Me
Published by
Published on

ZDNET Latest Articles