September 13th, 2003, 02:51 PM
K7VMM Bios Password flaw
I was recently fiddling around with my bios and I put the boot password on to prevent siblings from screwing my computer up. A few days later, I turned my pc on, put the password in and realized that the 9 character password I put in was wrong. The last character was incorrect BUT it let me boot my pc up. Thinking it was just a fluke, I tried it again with several different characters than the correct one, and sure enough, there exists a "flaw" in coding I assume, so that no matter what the last character is it will always let it go through. ECS makes the motherboard for those that want to know. I also thought that maybe AMI (bios) needed to be updated, so I did that too and it still did not fix it.
(If this is in the wrong category, please move it, thanks)
September 13th, 2003, 03:15 PM
Doesn't the BIOS password only stop people changing your BIOS settings?
If you're booting your PC up and entering a password, that would be your logon details, not your BIOS details.
September 13th, 2003, 03:38 PM
Actually with this motherboard, it's a password to prevent booting too. I questioned that too at first when I bought the board, but thought eh why not give it a try. The password to enter the bios as well as booting up remains the same.
September 13th, 2003, 03:41 PM
Nokia, you can also use a password you need to enter before your computer boots your OS.
But the BIOS password can be easily bypassed by resetting the CMOS. You shouldn't rely on this password if you can't lock up your case.
The above sentences are produced by the propaganda and indoctrination of people manipulating my mind since 1987, hence, I cannot be held responsible for this post's content
September 13th, 2003, 03:45 PM
LOL, fortunately enough my brother and sister would know what a CMOS setting is. I don't have anything confidential (with the exception of a few pictures) but I hate when settings get changed etc. They are the types that they know too much for their own good. Plus, I love when they get really p!ssed off at me because they can't check their email lol.
September 13th, 2003, 05:07 PM
This will rely on your type of Mo Bo though and is not a standard feature.
September 13th, 2003, 05:14 PM
Very true nokia, so going back to my original ?.....what should I do/who do I contact to see if there is a fix, or to let them know it has a flaw? anyone know?
September 13th, 2003, 05:16 PM
I am a totally stupid moron.........so please neg me
I might suggest that your password system only accepts a certain number of characters (8) and that the array or whatever that you are presented with, lets you enter more than that? so the ones in excess of those that it checks are irrelevant from a security point..........it is a pretty elementary programming/design error..............so I must be at fault?
I am critical (not of you) because this kind of error lulls you into a false sense of security?
September 13th, 2003, 06:50 PM
Thanks Nihil, I never thought about it that way, but it makes logical sense. I can enter a max of 9 characters, and only the 8 are recognized or accepted. So I assume then it's a design/programming flaw, and I wonder if I contact ECS, if maybe I can get a free mobo WOOHOO. Also I assigned you posi-points. Thanks again.
Sex is like "Social Security". You get a little each month, but it's not enough to live on.
September 13th, 2003, 08:36 PM
Thank you for your reply.............I guess you are fairly young compared to me at least so I just thought I should mention that this particular problem can happen elsewhere.
For example, if you are using a table or array within a program to store calculated sub-totals, you have to make sure that it is large enough. Otherwise, you see an input field that looks OK and an output field that is the same.....problem happens inside the program, where you might not see it. My message is that you need to "walk through" your program logic and design to be safe.
Similarly, you need to keep an eye on column widths and paper size in printed reports. Hey, I wish I had 1$ for every mistake that I have made. Point is...learn from them.
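The mismatch suggested in the thread (an entry field of 9 characters feeding a check that keeps only 8) can be shown side by side with a check that refuses to truncate. This is an added example, not code from the thread or from the BIOS vendor; the function names, the sample password and the 8-character stored width are assumptions taken from the thread's hypothesis.

```c
#include <stdio.h>
#include <string.h>

#define ENTRY_LEN  9  /* characters the prompt accepts (from the thread) */
#define STORED_LEN 8  /* characters actually kept (the thread's hypothesis) */

/* Flawed: store and compare only the first STORED_LEN characters. */
static int truncating_accepts(const char *set_pw, const char *attempt)
{
    char stored[STORED_LEN + 1];
    size_t n = strlen(set_pw);
    if (n > STORED_LEN)
        n = STORED_LEN;            /* excess input silently dropped */
    memcpy(stored, set_pw, n);
    stored[n] = '\0';
    return strncmp(stored, attempt, STORED_LEN) == 0;
}

/* Corrected: storage matches the entry field, over-long input is refused,
 * and the comparison covers the whole string. */
static int strict_accepts(const char *set_pw, const char *attempt)
{
    char stored[ENTRY_LEN + 1];
    if (strlen(set_pw) > ENTRY_LEN || strlen(attempt) > ENTRY_LEN)
        return 0;                  /* reject rather than truncate */
    strcpy(stored, set_pw);        /* safe: length checked above */
    return strcmp(stored, attempt) == 0;
}

int main(void)
{
    const char *pw = "hunter2ab";  /* constructed 9-character sample */
    const char *tries[] = { "hunter2ab", "hunter2aX", "hunter2a", "hunter2Xb" };
    for (size_t i = 0; i < sizeof tries / sizeof tries[0]; i++)
        printf("%-10s truncating=%d strict=%d\n", tries[i],
               truncating_accepts(pw, tries[i]), strict_accepts(pw, tries[i]));
    return 0;
}
```

With the truncating check the user believes a 9-character password is in force while only 8 characters are ever tested, which is the false sense of security described above.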