• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

NT RAS Dial-up Networking "Save Password" Vulnerability

Solution:
Microsoft has released a hotfix for NT 4.0 SP3 machines that prevents enumeration of the LSA secrets. This hotfix can be found at: ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/hotfixes-postSP3/lsa2-fix/

This hotfix has been included in Service Pack 4.

However, the LSA-2 patch does not prevent the username, phone number, and password from being saved in the Policy\Secrets\RasDialParams!SID#0 registry key. Microsoft has released a post SP5 hotfix that prevents these credentials from being cached. This hotfix can be found at

ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/Hotfixes-PostSP5/RASPassword-fix/ or

ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/Hotfixes-PostSP5/RRASPassword-fix/