Passwords in RAM dumps [formally Novell GroupWise Plain Text Password Vulnerability.]

To: <@securityfocus.com BUGTRAQ <BUGTRAQ@xxxxxxxxxxxxxxxxx>, <securityteam@xxxxxxxxxxxx>
Subject: Passwords in RAM dumps [formally Novell GroupWise Plain Text Password Vulnerability.]
From: "Anything But Microsoft" <abm@xxxxxxxxxxxxxxxxxxxxxxxx>
Date: Mon, 04 Jul 2005 19:19:55 -0400
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

App after app tested by me here finds my user name and password in memory. Two 
apps out of fourteen tested stored the password in RAM with some type of hash. 
But I wouldn't be surprised if this was easily translated.

I've only looked at the running process of five apps on Linux so far but have 
yet to find a password in plain text.

Do we conclude this is a Windows problem? Or are Windows programmers lazy, 
poorly trained or in general a bunch that don't care about security? (like Bill 
G, expept when convenient and not compromising the monopoly?)

Follow-Ups:
- Re: Passwords in RAM dumps [formally Novell GroupWise Plain Text Password Vulnerability.]
  - From: Jason Coombs

Prev by Date: RE: /dev/random is probably not
Next by Date: Re: /dev/random is probably not
Previous by thread: Re: Imail Cookie Vulnerability (unhashed)
Next by thread: Re: Passwords in RAM dumps [formally Novell GroupWise Plain Text Password Vulnerability.]
Index(es):
- Date
- Thread