Hancom Office 2007 Reboot.ini Clear-Text Passwords Vulnerability

1999-02-09T00:00:00
ID EDB-ID:19192
Type exploitdb
Reporter Russ Cooper
Modified 1999-02-09T00:00:00

Description

Hancom Hancom Office 2007 Reboot.ini Clear-Text Passwords Vulnerability. CVE-1999-0372 . Local exploit for windows platform

                                        
                                            source: http://www.securityfocus.com/bid/228/info

During installation of BackOffice 4.0, a file called reboot.ini is created and stored in the \Program Files\Microsoft BackOffice directory. This file contains clear-text usernames and passwords for several services that may be created during installation. These services include: SQL Executive Logon, Exchange Services, and MTS Remote Administration (and potentially others). The File ACLs for this file are set to Everyone:Full Control. 

Clear-text usernames and passwords are stored in the \Program Files\Microsoft BackOffice\Reboot.ini file.