Na's Profile

Member since October 8, 2005

  • Name

    Na Na

  • Location:

    United States of America

Favorite Files

Recent Posts

  1. Review - TweakNow PowerPack 2011

    1.0.8 (Oct 8, 2005)

    Stupid Login Flaw in TweakNow Power Pack Professional 2006 v1.08

    A friend of mine recently purchases the software and had it install on his notebook. He had the software password enabled so that others couldn’t use the tool. I found this flaw when I accidentally clicked on the TweakNow PowerPack 2006 shortcut that causes the program to run. The login screen popup and requires me to login before accessing the controls of the program. I click close (because I didn’t have his password) and the program started running, given me access to all the tweaks. I immediately told my friend about it and we did some login tests.

    Here is what we found out,
    List of Steps,
    - Run the program. (login screen popup)
    - Enter the password and click the OK button.
    - Successfully entered into program controls.
    - Close and exit the program.
    - Run the program again. (login screen popup)
    - Leave the password field empty and click Close.
    - Entered into program control successfully without entering password.

    How to prevent this temporary,
    Every time when you exit the program after using the utilities, run the program again and leave the password field empty and click the OK button (An Invalid password screen will popup). Close the program and you are safe that no one will use the above method to access the program controls.
    If you don't do this even after you have shutdown or reset your computers, the login flaw will still work unless you do the prevention steps.

    List of Steps,
    - Run the program. (login screen popup)
    - Enter the password and click the OK button.
    - Successfully entered into program control.
    - Close and exit the program.
    - To avoid others from login in without password, Run the program again. (login screen popup)
    - Leave the password field empty. This time click the OK button. (Invalid password screen popup).
    - Click close and the program closes without entering to program control.
    - The close button no longer works until the user login successfully again.