Subject Re: [IB-Architect] The Borland Back Door
Author Jim Starkey
At 11:58 PM 1/11/01 +1100, Geoff Worboys wrote:
>> Sorry, I've missed. Database explorer logins to server with backdoor
>> username/password OK. But, this user seems to have permissions
>> only to create new objects, but not read data if no grants for
>> public were enabled in database.
>
>Which means you can connect to the ISC4.GDB and read the USERS table,
>including encrypted copies of all the passwords. From there it is, at
>worst, a short brute force trip to resolve the password of any user.
>

There is no reason to break the password encryption -- you can
specify an encrypted password in the dpb. So the encrypted version
is every bit as useful as the plain text version. Better, actually,
because it doesn't require the engine to do the encryption, marginally
improving performance when hacking somebody's server.

For examples on how to build the dpb, see the code.

Jim Starkey