Discovering passwords in the memory

Contributed by Abhishek Kumar

Escalation of privileges is a common method of attack where a low privileged user exploits a vulnerability to become an administrator or a higher privileged user. Privilege escalation may be achieved through cracking of administrative passwords, local buffer overflows and stealing of passwords. This paper discusses a common vulnerability that could be exploited by low privileged users to steal critical passwords and escalate their privileges. While this vulnerability has been known for several years, our research indicates that a large number of applications are still vulnerable to this flaw. As of this writing, we have informed the software vendors about the vulnerability, and are working with them to fix it.

This document is in PDF format. To view it click here.

Rate this article: 
No votes yet