[6376] in bugtraq
Re: RAS 'save password' problems...
daemon@ATHENA.MIT.EDU (David LeBlanc)
Mon Mar 23 01:24:57 1998
Date: Mon, 23 Mar 1998 00:04:13 -0500
Reply-To: David LeBlanc <dleblanc@MINDSPRING.COM>
From: David LeBlanc <dleblanc@MINDSPRING.COM>
X-To: Aleph One <aleph1@DFW.NET>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.SUN.3.94.980320111917.19659Q-100000@dfw.dfw.net>
At 11:19 AM 3/20/98 -0600, Aleph One wrote:
>---------- Forwarded message ----------
>Date: Thu, 19 Mar 1998 14:09:44 -0800
>From: martin Dolphin <mdolphin@POBOX.COM>
>To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
>Subject: RAS 'save password' problems...
>
>THE PROBLEM:
>Windows NT allows users to save their RAS credentials by using the 'Save
>Password' checkbox when making a dial-up connection. Credentials saved in
>this manner are stored in the
>HKEY_LOCAL_MACHINE\SECURITY\Policy\Secrets\RasCredentials!SID#0 registry
>key. These credentials can be enumerated using the LSA secrets code. (As
>identified by Paul Ashton in a prior submission to NTBugtraq)
There are also a number of entries corresponding to previous logins by
users. There is a way to turn this behavior off, but I don't recall at the
moment exactly what it is.
Essentially, it is there to allow you to log on if the domain controller
can't be reached. I believe it stores hashes rather than clear-text.
The RAS functionality can often be annoying as well - it tends to prompt me
for my password even when I'm using a script (which of course contains the
user-password pair in the clear). Not sure why it thinks it needs it - I
just leave it blank, but a less astute user would probably type in their
actual password.
David LeBlanc |Why would you want to have your desktop user,
dleblanc@mindspring.com |your mere mortals, messing around with a 32-bit
|minicomputer-class computing environment?
|Scott McNealy
