Penetration Testing mailing list archives
RE: Where are Windows "Enforce password history" passwords stored?
From: "Nick Duda" <nduda () VistaPrint com>
Date: Wed, 31 Aug 2005 07:21:55 -0400
I agree...having access to pas passwords is a big gain. Consider the following, an employee uses the following password scheme, Password1, Password2, Password3, Password4 and the current password is Password5. I'll bet you I know what the next password will be. - Nick -----Original Message----- From: Wil.Allsopp () ins com [mailto:Wil.Allsopp () ins com] Sent: Tuesday, August 30, 2005 4:59 PM To: pen-test () securityfocus com Subject: RE: Where are Windows "Enforce password history" passwords stored? James Leighe [jamesleighe () gmail com] wrote:
It's stored as a hash, so if you find out how to access them, you would have to crack it. So basically, it's not worth the time when an attacker could just go for the current password.
This shows a fundamental misunderstanding of security as well as the way hackers think. There are many advantages for an attacker to have your previous passwords - passwords are reused and some may be current on peripheral or entirely separate systems. Wil
Current thread:
- Re: Where are Windows "Enforce password history" passwords stored?, (continued)
- Re: Where are Windows "Enforce password history" passwords stored? Jeffrey Denton (Aug 30)
- Re: Where are Windows "Enforce password history" passwords stored? Jeffrey Denton (Aug 30)
- Re: Where are Windows "Enforce password history" passwords stored? blanc (Aug 30)
- Re: Where are Windows "Enforce password history" passwords stored? Jean-Baptiste Marchand (Aug 30)
- Re: Where are Windows "Enforce password history" passwords stored? James Leighe (Aug 30)
- RE: Where are Windows "Enforce password history" passwords stored? Steve A (Aug 30)
- RE: Where are Windows "Enforce password history" passwords stored? Soluk, Kirk (Aug 30)
- RE: Where are Windows "Enforce password history" passwords stored? dave kleiman (Aug 30)
- RE: Where are Windows "Enforce password history" passwords stored? Wil.Allsopp (Aug 30)
- Re: Where are Windows "Enforce password history" passwords stored? totiebash (Aug 31)
- RE: Where are Windows "Enforce password history" passwords stored? Nick Duda (Aug 31)
- Re: Where are Windows "Enforce password history" passwords stored? Jeffrey Denton (Aug 30)