Microsoft KB Archive/164644

= Clear Text Passwords Could Be Left in SNAP Buffers =

Article ID: 164644

Article Last Modified on 10/23/2003

-

APPLIES TO


 * Microsoft SNA Server 3.0 Service Pack 4

-



This article was previously published under Q164644



SYMPTOMS
Even after enabling SNA Server 3.0 client encryption, some SNA Server Windows 95 client logon information may inadvertently appear in clear- text, viewable to a network monitor.



CAUSE
A buffer carrying SNA Server Windows 95 client logon information is not being cleared before being used for subsequent SNA Server client-server messages. This may cause a subsequent message to inadvertently include client logon information.



RESOLUTION
To resolve this problem, obtain the hotfix mentioned below. The updated module is:

\System\Snakrnl.dll



STATUS
Microsoft has confirmed this to be a problem in SNA Server version 3.0. This problem was corrected in the latest Microsoft SNA Server 3.0 U.S. Service Pack. For information on obtaining the service pack, query on the following word in the Microsoft Knowledge Base (without the spaces):

S E R V P A C K

Additional query words: prodsna sna30 snaencrypt

Keywords: kbbug kbfix KB164644

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.