11:27 Learn users' passwords 1s | |
| The ability to test at 1C version 8.1.13.41 and 8.2.10.82 (I think by 8.0 the situation is the same) on the operating system Windows Server 2008 both 32 and 64 bit under the local administrator in the terminal session. In fact, and operating systems "postaree" You can find out the password, just not as banal as the tested operating system. For a successful test requires that a terminal server already had at least one user successfully authenticate to the information on 1C (in the configurator mode, or enterprise). Start Task Manager and click on "Show processes from all users", then in the window that appears, click "Continue". After you select the menu: "View" -> "Select Columns ..." button and put a checkbox next to "Command Prompt" and click "OK". We are looking through the eyes of a process 1cv8.exe and watch something like: To me was the revelation that the launching of 1C without command line parameters as login and password, the current process of launching a new authorization with the command-line options, and then terminates itself. I'm not going to focus on the fact that many of the deaths the same password is used not only to access the IB 1C and what the consequences may lead the possession password by another party. I just want to mention that all attempts to use the most 1C encryption algorithms AES, Triple DES, SSL for access to IB, storing passwords in a database table in a special format thwarted the above method of authorization. UPD: moved the blog "Information security» | |
|
| |
| Total comments: 0 | |