Users login

Create an account »


Users login

Home » Hacking News » Windows 2000 EFS Temporary File Retrieval Vulnerability

Windows 2000 EFS Temporary File Retrieval Vulnerability

by Phiber on January 22nd, 2001 A problem in the package could allow the recovery of sensitive data encrypted by the EFS. When the file is selected for encryption, and backup copy of the file is moved into the temporary directory using the file name efs0.tmp.....

The data from this file is taken and encrypted using EFS, with the backup file being deleted after the encryption process is performed. However, after the file is encrypted and the file is deleted, the blocks in the file system are never cleared, thus making it possible for a any user on the local host to access the data of the encrypted file, which falls outside of the constrains of access control imposed by the Operating System. This makes it possible for a malicious user to recover sensitive data encrypted by EFS.

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »