NT RAS Dial-up Networking "Save Password" Vulnerability

NT RAS Dial-up Networking "Save Password" Vulnerability

Solution:
Microsoft has released a hotfix for NT 4.0 SP3 machines that prevents enumeration of the LSA secrets. This hotfix can be found at: ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/hotfixes-postSP3/lsa2-fix/

This hotfix has been included in Service Pack 4.

However, the LSA-2 patch does not prevent the username, phone number, and password from being saved in the Policy\Secrets\RasDialParams!SID#0 registry key. Microsoft has released a post SP5 hotfix that prevents these credentials from being cached. This hotfix can be found at

ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/Hotfixes-PostSP5/RASPassword-fix/ or

ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/Hotfixes-PostSP5/RRASPassword-fix/