Accessing a Locked Workstation MS ActiveSync

Summary

A security vulnerability in MS ActiveSync allows anyone with a Windows PocketPC to synchronize with a Windows machine without needing to unlock it. An attacker with physical access to a locked workstation could thereby gain access to Outlook appointments, contacts, synchronized files, etc.

Credit:

The information has been provided by Jeff.Samples.


Details

Vulnerable Systems:
Microsoft Windows 2000 Professional (build 2195) with SP1 and Microsoft ActiveSync 3.1 (tested using an HP Jornada 540 Series running Windows PocketPC (CE v 3.0.948 Build 9357))

MS ActiveSync can access files from a Win2K workstation even though the workstation has been locked. Simply dropping the HP Jornada into its dock, or connecting it to the COM port (depending on which synchronization method was configured), causes it to synchronize and download data from a ‘locked’ workstation.
