Focus on Microsoft
Re: focus-ms (at) securityfocus (dot) com [email concealed] Aug 30 2003 08:49AM
fala83@libero.it (fala83 libero it) (5 replies)
Wasn't someone looking for a Group Policy collection tool? Oct 04 2003 02:48AM
Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (sbradcpa pacbell net)
Re: focus-ms (at) securityfocus (dot) com [email concealed] Sep 02 2003 12:42PM
simonis (simonis myself com) (1 replies)
RE: focus-ms (at) securityfocus (dot) com [email concealed] Sep 02 2003 08:46PM
Kim Oppalfens (kimoppalfens tiscali be) (1 replies)
Hi,

Interesting site stating that saved passwords and passwords from dial-up
sessions, web sites and so on can be found using
the infamous tool called lsadump. All fine & well, but it doesn't do
squat for the initial statement that started this thread being the
cached credentials. Unless I am very much mistaken, in that case
guidelines would be very welcome, there is no publicly available tool
that displays the cached credential password. Nor do I think the storage
location of the cached credentials is public knowledge.

Kim Oppalfens

-----Original Message-----
From: simonis [mailto:simonis (at) myself (dot) com [email concealed]]
Sent: Tuesday, 2 September 2003 14:42
To: fala83 (at) libero (dot) it [email concealed]
Cc: focus-ms; todd
Subject: Re: focus-ms (at) securityfocus (dot) com [email concealed]

"fala83 (at) libero (dot) it [email concealed]" wrote:
>
> In my opinion a system wouldn't cache password locally.
> E.g. Sysadmin logs in into a workstation and password will be stored
> locally. An attacker could retrieve his password and login into the
> whole network with administrative privileges. It is not completely
> safe. I'd rather prefer use Kerberos, using his tickets to access
> network resource without caching password. Anyway if the password must
> be stored locally, it must be!
>

A Kerberos (read: network) password doesn't do squat for a disconnected
user wishing to log on with their network account. It is for this
purpose that Windows can and does cache the password, and not just
for a specific user.

Check out http://is-it-true.org/nt/registry/rtips320.shtml

-ds

RE: focus-ms (at) securityfocus (dot) com [email concealed] Sep 04 2003 12:08AM
Paulo Wilbert (pwilbert uninet com br)
cached passwords (was RE: focus-ms (at) securityfocus (dot) com [email concealed]) Sep 02 2003 06:28AM
Zachary Mutrux (zmutrux compumentor org)
Re: focus-ms (at) securityfocus (dot) com [email concealed] Sep 02 2003 01:11AM
Sam Baskinger (sam reefedge com)
Re: focus-ms (at) securityfocus (dot) com [email concealed] Sep 01 2003 08:23PM
Flávio Pereira (fpereirabr yahoo com br)







 
