Re: Secure Storage of Secrets in Windows

From: Bronek Kozicki (bronekat_private)
Date: Thu May 20 1999 - 10:14:49 PDT

Next message: Philipp Schott: "Re: IRIX midikeys root exploit."

Previous message: matthew green: "NetBSD Security Advisory 1999-010"
Maybe in reply to: Aleph One: "Secure Storage of Secrets in Windows"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

To disable password caching in  Windows NT one should set following
registry value to 0. By default it's not set, and assumed to be 10 .

Hive: HKEY_LOCAL_MACHINE
Key: Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Name: CachedLogonsCount
Type: REG_DWORD
Value: 0 to 50

Information about this registry value can be found in KB, article
Q172931.

Bronek Kozicki

- --------------------------------------------------
ICQ UID: 25404796            PGP KeyID: 0x4A30FA9A
07EE 10E6 978C 6B33 5208  094E BD61 9067 4A30 FA9A



- -----Original Message-----
From: Bugtraq List [mailto:BUGTRAQat_private]On Behalf Of Nick
FitzGerald
Sent: Tuesday, May 18, 1999 2:35 PM
To: BUGTRAQat_private
Subject: Re: Secure Storage of Secrets in Windows


> The Win32 API provides such service. Although in the past it was
> found that its encryption was rather weak Microsoft claims to have
> fixed it, no one else has claimed otherwise, and its better than
> nothing. (References:
> http://www.netsys.com/firewalls/firewalls-9512/0442.html
> http://www.geek-girl.com/bugtraq/1995_4/0138.html ).
>
> So here is a reminder to Windows application programs that you can
> use WNetCachePassword and WNetGetCachedPassword, which in some
> documentation MS calls the Master Password API.

Indeed.

And for admins who wish to prevent user machines from caching
passwords the following Win9x REG file may be useful:

   REGEDIT4


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\
Network]
   "DisablePwdCaching"=dword:00000001

Apply that to a client machine then nuke all PWL files in the Windows
dir and you need not worry whether future vulnerabilities might open
you to exposure from cached passwords.

I imagine there is something similar for NT.  Anyone know the
details?


Regards,

Nick FitzGerald


-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.0.2i

iQA/AwUBN0Q0Xr1hkGdKMPqaEQIu7QCgnGIIkG6/sqbfpNz1X7VwrXDjKh8AoIYe
gwtMemc7l4H8HM6L6hh/IXMk
=Q7gq
-----END PGP SIGNATURE-----

Next message: Philipp Schott: "Re: IRIX midikeys root exploit."
Previous message: matthew green: "NetBSD Security Advisory 1999-010"
Maybe in reply to: Aleph One: "Secure Storage of Secrets in Windows"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:46:16 PDT