-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 To disable password caching in Windows NT one should set following registry value to 0. By default it's not set, and assumed to be 10 . Hive: HKEY_LOCAL_MACHINE Key: Software\Microsoft\Windows NT\CurrentVersion\Winlogon Name: CachedLogonsCount Type: REG_DWORD Value: 0 to 50 Information about this registry value can be found in KB, article Q172931. Bronek Kozicki - -------------------------------------------------- ICQ UID: 25404796 PGP KeyID: 0x4A30FA9A 07EE 10E6 978C 6B33 5208 094E BD61 9067 4A30 FA9A - -----Original Message----- From: Bugtraq List [mailto:BUGTRAQat_private]On Behalf Of Nick FitzGerald Sent: Tuesday, May 18, 1999 2:35 PM To: BUGTRAQat_private Subject: Re: Secure Storage of Secrets in Windows > The Win32 API provides such service. Although in the past it was > found that its encryption was rather weak Microsoft claims to have > fixed it, no one else has claimed otherwise, and its better than > nothing. (References: > http://www.netsys.com/firewalls/firewalls-9512/0442.html > http://www.geek-girl.com/bugtraq/1995_4/0138.html ). > > So here is a reminder to Windows application programs that you can > use WNetCachePassword and WNetGetCachedPassword, which in some > documentation MS calls the Master Password API. Indeed. And for admins who wish to prevent user machines from caching passwords the following Win9x REG file may be useful: REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ Network] "DisablePwdCaching"=dword:00000001 Apply that to a client machine then nuke all PWL files in the Windows dir and you need not worry whether future vulnerabilities might open you to exposure from cached passwords. I imagine there is something similar for NT. Anyone know the details? Regards, Nick FitzGerald -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.0.2i iQA/AwUBN0Q0Xr1hkGdKMPqaEQIu7QCgnGIIkG6/sqbfpNz1X7VwrXDjKh8AoIYe gwtMemc7l4H8HM6L6hh/IXMk =Q7gq -----END PGP SIGNATURE-----
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:46:16 PDT