Sultans Of Ping Forum Index Sultans Of Ping
New forum for the band Sultans of Ping.
Please register and post so this becomes as popular as the old one.
Hosted by ping.fishtank.org.uk.
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

CComBSTR Issues !

 
Post new topic   Reply to topic    Sultans Of Ping Forum Index -> Everything Else
View previous topic :: View next topic  
Author Message
Johneames
Psychopath


Joined: 14 Oct 2017
Posts: 137

PostPosted: Wed Nov 29, 2017 1:39 pm    Post subject: CComBSTR Issues ! Reply with quote

hello,

We sell terminal emulation and FTP client software to banks. These programs use SSL and SSH DLLs to do the encryption, and must be passed a password, which is done using a CComBSTR.
The bank sent us an email indicating they saw clear text passwords in memory 10 minutes after the user logged in. We looked into this and cleaned up our own code, but we can still see a BSTR with the clear text password in memory, sometimes.
We talked to our supplier and they made some changes which reduced the chance of seeing a clear text password in memory, but they said they can't do anything about the CComBSTR issue.


Please help.
Thanks!

I didn't find the right solution from the Internet.

References:
https://social.msdn.microsoft.com/Forums/windowsdesktop/en-US/ed3efbc1-8872-4224-bc4e-5317e1b26a50/ccombstr-issues?forum=windowssecurity


whiteboard video examples
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Sultans Of Ping Forum Index -> Everything Else All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group