|
|
For Windows 95 and WfW, access to directories, printers or pages of the clipboard which were shared by another party is facilitated by keeping the necessary passwords inside the file [ account name].pwl. To do this, the option "Save password in the password list" can be selected. If this option is activated, the result may be that passwords are stored unintentionally. If Windows 95 is used within a NetWare network environment, the passwords will be automatically stored in the [ account name]. pwl. file. Access rights however, are only granted at the user level.
Should a third party get access to the WfW or Windows 95 computer he/she would have direct access to the password list ([ account name].pwl). The passwords kept for access to resources of other parties are protected by the WfW or Windows 95 password. If this is deactivated or widely known or if WfW or Windows 95 is already active without a screen lock, unauthorised persons can establish connections to other computers.
Note:
Programs are now offered through the Internet which allow decoding of PWL files for WfW without knowledge of the password. The passwords stored in these files can often be discovered as plain text inside of the windows-specific temporary swap file386spart.par. For this reason, an appropriate site access protection or data access protection at file level has to be installed.
| © Copyright
by Bundesamt für Sicherheit in der Informationstechnik |