Bugtraq mailing list archives

Re: Secure Storage of Secrets in Windows

From: bronek () wpi com pl (Bronek Kozicki)
Date: Thu, 20 May 1999 19:14:49 +0200


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

To disable password caching in  Windows NT one should set following
registry value to 0. By default it's not set, and assumed to be 10 .

Hive: HKEY_LOCAL_MACHINE
Key: Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Name: CachedLogonsCount
Type: REG_DWORD
Value: 0 to 50

Information about this registry value can be found in KB, article
Q172931.

Bronek Kozicki

- --------------------------------------------------
ICQ UID: 25404796            PGP KeyID: 0x4A30FA9A
07EE 10E6 978C 6B33 5208  094E BD61 9067 4A30 FA9A



- -----Original Message-----
From: Bugtraq List [mailto:BUGTRAQ () NETSPACE ORG]On Behalf Of Nick
FitzGerald
Sent: Tuesday, May 18, 1999 2:35 PM
To: BUGTRAQ () NETSPACE ORG
Subject: Re: Secure Storage of Secrets in Windows

The Win32 API provides such service. Although in the past it was
found that its encryption was rather weak Microsoft claims to have
fixed it, no one else has claimed otherwise, and its better than
nothing. (References:
http://www.netsys.com/firewalls/firewalls-9512/0442.html
http://www.geek-girl.com/bugtraq/1995_4/0138.html ).

So here is a reminder to Windows application programs that you can
use WNetCachePassword and WNetGetCachedPassword, which in some
documentation MS calls the Master Password API.


Indeed.

And for admins who wish to prevent user machines from caching
passwords the following Win9x REG file may be useful:

   REGEDIT4


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\
Network]
   "DisablePwdCaching"=dword:00000001

Apply that to a client machine then nuke all PWL files in the Windows
dir and you need not worry whether future vulnerabilities might open
you to exposure from cached passwords.

I imagine there is something similar for NT.  Anyone know the
details?


Regards,

Nick FitzGerald


-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.0.2i

iQA/AwUBN0Q0Xr1hkGdKMPqaEQIu7QCgnGIIkG6/sqbfpNz1X7VwrXDjKh8AoIYe
gwtMemc7l4H8HM6L6hh/IXMk
=Q7gq
-----END PGP SIGNATURE-----

Current thread:

Secure Storage of Secrets in Windows Aleph One (May 17)
- <Possible follow-ups>
- Re: Secure Storage of Secrets in Windows Nick FitzGerald (May 18)
  - Re: Secure Storage of Secrets in Windows Bronek Kozicki (May 20)
- Re: Secure Storage of Secrets in Windows Olaf Titz (May 18)
  - Buffer Overruns in RAS allows execution of arbitary code as system Mnemonix (May 19)
  - Re: Secure Storage of Secrets in Windows Eivind Eklund (May 19)
  - NetBSD Security Advisory 1999-010 matthew green (May 21)
    - Re: NetBSD Security Advisory 1999-010 Olaf Kirch (May 21)