Vulnerability Development mailing list archives
RE: WinNT and previously used passwords
From: "Keith T. Morgan" <keith.morgan () terradon com>
Date: Tue, 28 May 2002 16:18:00 -0400
-----Original Message----- From: Seymour, Keith [mailto:KESeymour () magellanhealth com] Sent: Tuesday, May 28, 2002 1:40 PM To: 'KF'; vuln-dev () security-focus com Subject: RE: WinNT and previously used passwords
<snip>
One the rights to read from the Reg Key might be easier to gain for the old passwords.
<snip> Good point. Has anyone located where these are stored? My guess is that they're actually stored in the SAM data files.
Two if you are like 'most' people you start with 1st password Tiger then at the next change you change to tiger01 etc. Which is easier to break?
<snip> Another thing to consider is that people use the same password on multiple systems. Getting at previously used passwords would give you ten options that may *very* well gain access to some other system in the enterprise.
Current thread:
- WinNT and previously used passwords KF (May 24)
- Re: WinNT and previously used passwords Kit (May 25)
- RE: WinNT and previously used passwords V (May 25)
- MacOS X 10.1.4 MAC Address Spoofing Juan M. Courcoul (May 26)
- Re: MacOS X 10.1.4 MAC Address Spoofing jsyn (May 27)
- MacOS X 10.1.4 MAC Address Spoofing Juan M. Courcoul (May 26)
- RE: WinNT and previously used passwords Jesper M. Johansson (May 25)
- Re: WinNT and previously used passwords Kevin Finisterre (May 25)
- Re: WinNT and previously used passwords Roland Postle (May 26)
- RE: WinNT and previously used passwords Brett Moore (May 26)
- <Possible follow-ups>
- RE: WinNT and previously used passwords Seymour, Keith (May 28)
- RE: WinNT and previously used passwords Keith T. Morgan (May 28)