Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

RE: encrypting Autologon credentials?

From: "Rob Shein" <shoten () starpower net>
Date: Wed, 4 Feb 2004 16:43:37 -0500
I'm thinking that the general idea is that if someone's going to use
autologon in the first place, you're not throwing much of a speedbump up by
encrypting the password in the registry. If the registry is
network-accessible without authentication, the machine is pretty vulnerable;
if it's not, then the attacker needs access to the machine itself, and
again, the machine is already logged in and therefore pretty vulnerable.


-----Original Message-----
From: wirepair [mailto:wirepair () roguemail net] 
Sent: Wednesday, January 28, 2004 3:40 PM
To: pen-test () securityfocus com
Subject: encrypting Autologon credentials?


lo all,
I'm curious if anyone has ever seen anything on encrypting 
the "Autologon" feature of Windows. I know its a terrible 
practice to keep it in the cleartext in the registry so I was 
curious if anyone has tried to make this feature more secure. 
I did some google searches but turned up with nada. Any info 
appreciated, -wire
--
Visit Things From Another World for the best
comics, movies, toys, collectibles and more. 
http://www.tfaw.com/?qt=wmf


--------------------------------------------------------------
-------------
--------------------------------------------------------------
--------------





---------------------------------------------------------------------------
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: