SharePoint 2003 installation fails and account password revealed in setup log

From: Alexander Fichman (fichmana_at_013.NET)
Date: 12/01/04

    Date:         Wed, 1 Dec 2004 22:28:20 +0200
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    System tested/affected:
    WSS, SharePoint 2003 - Hebrew localized version

    Details:
    I have a domain user account which has a complex password, including a leading dash (-). After installing SPS components (which includes WSS), I was prompted to enter a database access account, at which point I entered the mentioned account. After a while, SPS blew with the following popup text, several times:

    Visual C++ Runtime library
    Runtime error
    This application has requested the runtime to terminate it in an unusual way.

    At this point SPS is indicated as 'removed'. Clicking next shows an Unsuccessful installation dialog which points to %windir%\temp installation log files. One of these files is STSADM.log-setup_[date] [time].log.
    Looking at this short log file reveals a line with the text:

    ... ... stsadm: Unknown Argument: <clear password, without leading dash>

    Another log file named STSADM.log is found under <profile>\local settings\temp with the same line as above.

    It seems that the SPS installation routine passes the account information to command-line STSADM.EXE, which mistakes the leading dash for an argument/option indicator, fails, and causes an unhandled exception with SPS setup. STSADM then writes a log file which reveals the entered password, minus the leading hyphen.

    Although not tested, I have a strong suspicion that the English version and other localized versions behave the same.

    Alexander Fichman
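
The failure class suspected in the post, as an added example that is not part of the original message and is not SharePoint or STSADM code: a parser that treats any dash-prefixed token as an option and logs unknown ones verbatim, beside a form that takes option values as-is and logs only positions. The option names, account and password are constructed for the illustration.

```python
# Added illustration; not SharePoint or STSADM code. Option names and the
# password used below are constructed for the example.
VALUE_OPTIONS = {"-user", "-password"}   # hypothetical options that take a value


def parse_naive(argv, log):
    """Treats every dash-prefixed token as an option name."""
    opts, i = {}, 0
    while i < len(argv):
        tok = argv[i]
        if tok.startswith("-"):
            if tok not in VALUE_OPTIONS:
                # The raw token is echoed: a secret lands in the log, minus its dash.
                log.append("Unknown Argument: " + tok[1:])
                return None
            # A value that itself starts with "-" is not consumed here.
            if i + 1 < len(argv) and not argv[i + 1].startswith("-"):
                opts[tok[1:]] = argv[i + 1]
                i += 1
        i += 1
    return opts


def parse_hardened(argv, log):
    """Value options always consume the next token; errors never echo input."""
    opts, i = {}, 0
    while i < len(argv):
        tok = argv[i]
        if tok in VALUE_OPTIONS:
            if i + 1 >= len(argv):
                log.append("Missing value for option at position %d" % i)
                return None
            opts[tok[1:]] = argv[i + 1]   # taken verbatim, leading dash included
            i += 2
            continue
        # Report only the position: the token may be a misplaced secret.
        log.append("Unknown argument at position %d" % i)
        return None
    return opts


def demo():
    argv = ["-user", "EXAMPLE\\svc_sps", "-password", "-S3cret!pw"]  # constructed
    naive_log, hard_log = [], []
    return parse_naive(argv, naive_log), naive_log, parse_hardened(argv, hard_log), hard_log


if __name__ == "__main__":
    print(demo())
```

Handing the secret to the child process over stdin rather than argv avoids the option/value ambiguity altogether and keeps it out of process listings.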
