Microsoft Windows 2000 Default 40-bit Encrypted Protected Store Vulnerability

Windows 2000 Protected Store uses a default 40-bit encryption instead of utilizing the stronger 56-bit DES encryption that it is shipped with, or 168-bit Triple DES (if Windows 2000 has been upgraded using the High Encryption Pack). A remote or local user who posesses full administrative rights can use decryption utilities against the weakly encrypted Protected Store in order to obtain user private keys.


Privacy Statement
Copyright 2010, SecurityFocus