Bugtraq mailing list archives
Regarding passwords in registry keys.
From: ash () DRAGONPAW ORG (Ash)
Date: Fri, 19 Feb 1999 17:04:37 -0800
Considering the various threads running around about programs storing passwords temporarily in Windows registry entries I thought I would point out that registry keys are never deleted. The registry marks the key as 'unused' and leaves it in place, the entry never replaced or its space reclaimed. This is why the registry files are always growing. If you look in the O'Riely "Windows Annoyances" book you will find the procedures for exporting the registry to text the creating a new one from that exported file. Requires rebooting into dos and such, very messy. Last time I did this I saved about a meg. So, all those 'temporary' keys that hold these juicy bits are in fact left behind in the registry data files themselves for anyone with a hex editor to find. Could make for interesting mining I think. -- Ash <ash () dragonpaw org> "Love is a Journey, One Heart At a Time."
Current thread:
- Re: [proftpd-l] root compromise ? (fwd), (continued)
- Re: [proftpd-l] root compromise ? (fwd) Dirk Moerenhout (Feb 13)
- Possible Netscape Crypto Security Flaw Haze (Feb 14)
- Re: Possible Netscape Crypto Security Flaw Pete Krawczyk (Feb 16)
- snap utility for AIX. Larry W. Cashdollar (Feb 17)
- Re: snap utility for AIX. Brian Hauber (Feb 18)
- mSQL vulnerability. Christofer C. Bell (Feb 17)
- OT: Copyright on Security advisories Aviram Jenik (Feb 18)
- Re: OT: Copyright on Security advisories Doug Granzow (Feb 19)
- Re: [proftpd-l] root compromise ? (fwd) Dirk Moerenhout (Feb 13)
- Re: mSQL vulnerability. John W. Temples (Feb 18)
- Debian GNU/Linux 2.0r5 released (fwd) Jamie Fifield (Feb 17)
- Regarding passwords in registry keys. Ash (Feb 19)
- Re: [proftpd-l] root compromise ? (fwd) Nic Bellamy (Feb 14)
- Re: ICQ99 crash Eric J. Stevens (Feb 15)
- Re: ICQ99 crash Joe Stewart (Feb 16)
- Re: ICQ99 crash Timothy Doane (Feb 16)