[202] in Best-of-Security
BoS: [NTSEC] Plaintext passwords exist in registry (fwd'ed)
daemon@ATHENA.MIT.EDU (Peter Tonoly)
Thu May 29 13:03:03 1997
Date: Fri, 30 May 1997 00:41:40 +1000 (EST)
From: Peter Tonoly <anarchie@suburbia.net>
Errors-To: best-of-security-request@suburbia.net
To: best-of-security@suburbia.net
Resent-From: best-of-security@suburbia.net
---------------------------------------------------------------
From : Bill Stout <stoutb@pios.com>
Subj : [NTSEC] Plaintext passwords exist in registry
Date : Wed, 28 May 1997 09:17:53 -0700
Forward? : No
Return : stoutb@pios.com
MsgID : <2.2.32.19970528161753.00717450@vaxf.pios.com>
---------------------------------------------------------------
Most facinating what you find if you look.
The registry does store some passwords in plain text. The importance of the
passwords you do find depends on your installation. I found 'password' and
'username' entries at the below locations, but not much software was
installed on these NT boxes. Searching the NT registry for my password
string did not did not display anything, searching the W95 registry for my
specific password string found it in many places:
password locations:
hkey_local_machine\system\controlset001\services\gophersvc\parameters
...\controlset002\"
...\curentcontrolset\"
...\msftpsvc\parameters
...\w3svc\parameters\
username locations:
\hkey+local_machine\software\microsoft\windowsnt\currentversion\winlogon\
...\system\controlset001\services\bh\parameters
...\controlset002\"
...\curentcontrolset\"
...\services\gophersvc\parameters\anonymouseusername
...\logsqlusername
...\msftpsvc\parameters\anonymoususername
...\logsqlusername
...\w3svc\parameters\anonymoususername
...\logsqlusername
