All,

Recently installed Symantec A/V and looked at the registry in my PC (XP SP1): clear text entries for an NT server and the share name that it uses. An entry for a “netscanpassword” that looks encrypted?

20AA9E1606F91E64ABF97162783AE5E059E48797D7F

Questions?

1. Is this password encrypted via Windows (lmhash, ntlm)
2. some crypt function (a la the UNIX world)
3. some other algorithms? MD4, MD5, etc…

Can I cut and paste the above into John-the-ripper or the crypt function?

What I have in clear text is the NT machine, its share name and the NT account (user) that it uses. All in the registry or event log. It does "phone home" every week - but I have yet to catch the packet traffic with Ethereal to see what type of authentication it is doing.

Anyone else besides me think that this may present a security exposure (inside our network - of course)? It seems to me that placing this on every user’s desktop is exposing the A/V server to more risk than is required – if – the account and password (if it can be cracked) can access the server in any manner not expected by the installer.

Or - is this old news and already been spotted?

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
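The three questions in the post can be narrowed by the shape of the stored value alone. The following is an added example, not part of the original post; the `triage` function and the two comparison values are constructed for illustration.

```python
import re

# Raw digest sizes in bytes for the formats the post asks about.
RAW_DIGEST_BYTES = {
    16: ["LM hash", "NT hash (MD4 of the UTF-16LE password)", "MD4", "MD5"],
    20: ["SHA-1"],
}
# Traditional DES crypt(3): 2 salt chars + 11 hash chars from this alphabet.
DES_CRYPT = re.compile(r"[./0-9A-Za-z]{13}")
HEX = re.compile(r"[0-9A-Fa-f]+")


def triage(value):
    """Describe which of the listed formats a stored value could be, by shape only."""
    value = value.strip()
    result = {
        "length": len(value),
        "is_hex": bool(HEX.fullmatch(value)),
        "whole_bytes": None,   # only meaningful for hex strings
        "candidates": [],
    }
    if DES_CRYPT.fullmatch(value):
        result["candidates"].append("DES crypt(3)")
    if result["is_hex"]:
        # An odd number of hex digits cannot be a complete byte string.
        result["whole_bytes"] = len(value) % 2 == 0
        if result["whole_bytes"]:
            result["candidates"] += RAW_DIGEST_BYTES.get(len(value) // 2, [])
    return result


# Value exactly as it appears in the post.
POSTED = "20AA9E1606F91E64ABF97162783AE5E059E48797D7F"
# Constructed comparison values: MD5 of the empty string, and a made-up
# string that merely has the shape of a DES crypt(3) entry.
MD5_EMPTY = "d41d8cd98f00b204e9800998ecf8427e"
CRYPT_SHAPED = "ab1234567890."

if __name__ == "__main__":
    for label, v in [("posted", POSTED), ("md5", MD5_EMPTY), ("crypt", CRYPT_SHAPED)]:
        print(label, triage(v))
```

As posted, the value is 43 hex digits, which is not a whole number of bytes, so it matches none of the raw digest formats asked about. Whether it was truncated in the archive or is a product-specific encoding cannot be determined from the page.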
This archive was generated by hypermail 2b30 : Wed Feb 05 2003 - 16:10:46 PST