[6385] in bugtraq
Re: RAS 'save password' problems...
daemon@ATHENA.MIT.EDU (martin Dolphin)
Mon Mar 23 19:31:08 1998
Date: Mon, 23 Mar 1998 14:41:29 -0800
Reply-To: martin Dolphin <mdolphin@POBOX.COM>
From: martin Dolphin <mdolphin@POBOX.COM>
X-To: David LeBlanc <dleblanc@MINDSPRING.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <3.0.3.32.19980323000413.00bf5ae0@mindspring.com>
At 12:04 AM 3/23/98 -0500, David LeBlanc wrote:
The way to disable this is to use the CachedLogonsCount registry value in
the HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon registry
key. Default value is 10 if the key doesn't exist. I keep my set at 1 so
only the first logon is cached.
NT does store the hashes and not clear text. It store these credentials in
the HKLM\SECURITY\Policy\Secrets area of the registry as NL$1 to NL$10 and
it stores the lanman hash followed by the NT hash followed by 3 bytes of
'status'. (as per Paul Aston's posting to NTBUGTRAQ) I'd bet that these
hashes are not syskeyed.
>
>There are also a number of entries corresponding to previous logins by
>users. There is a way to turn this behavior off, but I don't recall at the
>moment exactly what it is.
>
>Essentially, it is there to allow you to log on if the domain controller
>can't be reached. I believe it stores hashes rather than clear-text.
>
>The RAS functionality can often be annoying as well - it tends to prompt me
>for my password even when I'm using a script (which of course contains the
>user-password pair in the clear). Not sure why it thinks it needs it - I
>just leave it blank, but a less astute user would probably type in their
>actual password.
>
>
>David LeBlanc |Why would you want to have your desktop user,
>dleblanc@mindspring.com |your mere mortals, messing around with a 32-bit
> |minicomputer-class computing environment?
> |Scott McNealy
>
