Theater security

by Volker Weber

Thorsten Delbrouck describes in this SecurityTracker post how to bypass Microsoft Office security features:

1.) Open a protected document in MS Word
2.) Save as "Web Page (*.htm; *.html)", close Word
3.) Open html-document in any Text-Editor
4.) Search "<w:UnprotectPassword>" tag, the line reads something like that: <w:UnprotectPassword>ABCDEF01</w:UnprotectPassword>
5.) keep the "password" in mind
6.) Open original document (.doc) with any hex-editor
7.) search for hex-values of the password (reverse order!)
8.) Overwrite all 4 double-bytes with 0x00, Save, Close
9.) Open document with MS Word, Select "Tools / Unprotect Document" (password is blank)

This is about the same level of security as the Notes client provides when locally enforcing the ACL. This can also be removed:

1. Open database in any hex-editor.
2. Find the range of bits between offset 0x16c and 0x1a7. This is the ACL.
3. Set any that aren't 00 to be 00.
4. Save the database.

Notes however does provide real security: Encryption.
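
A defender-side check for the Word case, added here as an example (not code from this post or from the SecurityTracker advisory): it scans "Save as Web Page" exports for the <w:UnprotectPassword> element named in step 4 and reports each exposure with the value redacted. The function names and the sample document are constructed for illustration.

```python
import re
from pathlib import Path

# Element named in step 4 of the procedure quoted above.
TAG_RE = re.compile(
    r"<w:UnprotectPassword>\s*([0-9A-Fa-f]+)\s*</w:UnprotectPassword>",
    re.IGNORECASE,
)

def find_exposed_protection(html_text):
    """Return one finding per exposed element; the stored value is redacted."""
    findings = []
    for m in TAG_RE.finditer(html_text):
        value = m.group(1)
        findings.append({
            "line": html_text.count("\n", 0, m.start()) + 1,
            "bits": len(value) * 4,  # each hex digit carries 4 bits
            "redacted": value[:2] + "*" * (len(value) - 2),
        })
    return findings

def scan_tree(root):
    """Scan every .htm/.html file under root; return {path: findings} for hits."""
    hits = {}
    for path in Path(root).rglob("*"):
        if not path.is_file() or path.suffix.lower() not in (".htm", ".html"):
            continue
        # latin-1 decodes any byte sequence, so ASCII-compatible exports
        # (UTF-8, windows-1252) are searched without decode errors.
        found = find_exposed_protection(path.read_bytes().decode("latin-1"))
        if found:
            hits[str(path)] = found
    return hits

# Constructed sample modelled on the line quoted in step 4 (not a real document).
SAMPLE = """<html xmlns:w="urn:schemas-microsoft-com:office:word">
<head><xml><w:WordDocument>
<w:UnprotectPassword>ABCDEF01</w:UnprotectPassword>
</w:WordDocument></xml></head><body>form</body></html>"""

if __name__ == "__main__":
    for f in find_exposed_protection(SAMPLE):
        print(f"line {f['line']}: {f['bits']}-bit protection value "
              f"stored in the export ({f['redacted']})")
```

A hit means the document relies on the protection flag described above rather than on encryption, so the export should not be treated as access-controlled.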

Comments

Here's another way to get to the contents of a local database where the ACL is locally enforced:

Rename the nsf to ntf, copy it to your local data directory and use this as a template to create a new database. This will have all design elements and documents of the original db and you have manager access to it.

Indeed this doesn't enable you to edit documents in the original file but at least to see the contents of it.

Oliver Regelmann, 2004-01-04

I tried this Word thing, but didn't quite succeed...
I have a Word form from a client, which is supposed to become a project proposal. Since the form is designed for internal project proposals while I am doing an external one, I need to change some details. I already retrieved an unprotected version, but out of curiosity I wanted to check this out.
Saving the document as a web page, Word alerts me that, besides a text formatting loss, the form protection will be lost and I can continue or cancel. Continuing, I cannot locate the mentioned tag in the resulting HTML file.
Any ideas on this?

Ragnar Schierholz, 2004-01-04

Simpler local ACL enforcement defeat strategy: change IDs. If you don't have another ID, make one. If the database has been carefully crafted to have default of no access, create an ID that matches a name or group that is in the ACL.

Alternatively, add the following line to your Notes.INI...
Disable_Local_Access_Control=1

Nathan T. Freeman, 2004-01-05

I thought the INI mod only worked in release 4.x? It's certainly never worked for me in 5, and it definitely doesn't in 6.

Ben Poole, 2004-01-05
