
Wireshark-bugs: [Wireshark-bugs] [Bug 4598] New: Caching of logon info

Date: Fri, 19 Mar 2010 10:39:22 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4598

           Summary: Caching of logon info
           Product: Wireshark
           Version: 1.0.9
          Platform: x86
        OS/Version: Windows 2000
            Status: NEW
          Severity: Normal
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: gedropi@xxxxxxxxx


Build Information:
Version 1.0.9 (SVN Rev 29911)

Copyright 1998-2009 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.12.8, with GLib 2.14.6, with WinPcap (version unknown),
with libz 1.2.3, without POSIX capabilities, with libpcre 7.0, with SMI 0.4.8,
with ADNS, with Lua 5.1, with GnuTLS 2.6.3, with Gcrypt 1.4.3, with MIT
Kerberos, with PortAudio V19-devel, with AirPcap.

Running on Windows 2000 Service Pack 4, build 2195, with WinPcap version 4.1
beta5 (packet.dll version 4.1.0.1452), based on libpcap version 1.0.0, without
AirPcap.

Built using Microsoft Visual C++ 6.0 build 8804

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
First:
I first log onto Windows machine
I log onto my ISP
I log into my proxy
Maybe do a few things online (e.g. go to a few websites)
Then log into Wireshark

Next:
When launching WS, immediately the capture starts a DNS authentication trace
and an etherXXXXa* file with Windows & ISP usernames AND passwords is created. 
Since I expect WS to be literal, I would expect that those actions that had
taken place in the past (logons & DNS authentication) would not be captured
since WS had not been started when I logged on.  That means that this
information is being cached or worse somewhere.  For my peace of mind, please
can you tell me about this security issue?  Thank you.
