Bugtraq mailing list archives
Re: RAS 'save password' problems...
From: noam () ZSOFT COM (Noam Ben-Yochanan)
Date: Sun, 22 Mar 1998 18:11:50 +0200
---------- Forwarded message ---------- Date: Thu, 19 Mar 1998 14:09:44 -0800 From: martin Dolphin <mdolphin () POBOX COM> To: NTBUGTRAQ () LISTSERV NTBUGTRAQ COM Subject: RAS 'save password' problems... THE PROBLEM: Windows NT allows users to save their RAS credentials by using the 'Save Password' checkbox when making a dial-up connection. Credentials saved in this manner are stored in the HKEY_LOCAL_MACHINE\SECURITY\Policy\Secrets\RasCredentials!SID#0 registry key. These credentials can be enumerated using the LSA secrets code. (As identified by Paul Ashton in a prior submission to NTBugtraq)
I've written code using the RasGetEntryDialParams() function. Here's Microsoft's description of this function: ---begin description--- The RasGetEntryDialParams function retrieves the connection information saved by the last successful call to the RasDial or RasSetEntryDialParams function for a specified phone-book entry. ---end description--- Another function which is supposed to supersede this function is RasGetCredentials(). Here's the description for this function: ---begin description--- The RasGetCredentials function retrieves the user credentials associated with a specified RAS phone-book entry. ---end description--- In both cases the clear-text password is a field in the retrieved record. No need to access the regitry, no need to use the LSA secrets code. I think Microsoft thought they should provide such a feature for purposes of automatic dialup connections - to avoid the need for user input. This might sound a bit funny, but if the password isn't saved, a human has to enter it manualy, but a program can just use one of the aformentioned functions. Microsoft seemingly makes a distinction between the privilages of a user and those of a program (i.e. programmer). Noam Ben-Yochanan noam () zsoft com
Current thread:
- RAS 'save password' problems... Aleph One (Mar 20)
- Re: RAS 'save password' problems... David LeBlanc (Mar 22)
- Way to stop /tmp races Pavel Machek (Mar 21)
- Re: RAS 'save password' problems... martin Dolphin (Mar 23)
- buffer overflow with a twist bjorn smedman (Mar 24)
- ncftp 2.4.3 overflow / su killing Michal Zalewski (Mar 24)
- apache+ssl 1.13 symlink problem Ondrej Suchy (Mar 24)
- <Possible follow-ups>
- Re: RAS 'save password' problems... Noam Ben-Yochanan (Mar 22)
- Re: RAS 'save password' problems... martin Dolphin (Mar 22)
- Re: RAS 'save password' problems... David LeBlanc (Mar 22)