Penetration Testing mailing list archives
RE: encrypting Autologon credentials?
From: "Rob Shein" <shoten () starpower net>
Date: Wed, 4 Feb 2004 16:43:37 -0500
I'm thinking that the general idea is that if someone's going to use autologon in the first place, you're not throwing much of a speedbump up by encrypting the password in the registry. If the registry is network-accessible without authentication, the machine is pretty vulnerable; if it's not, then the attacker needs access to the machine itself, and again, the machine is already logged in and therefore pretty vulnerable.
-----Original Message-----
From: wirepair [mailto:wirepair () roguemail net]
Sent: Wednesday, January 28, 2004 3:40 PM
To: pen-test () securityfocus com
Subject: encrypting Autologon credentials?

lo all,
I'm curious if anyone has ever seen anything on encrypting the "Autologon" feature of Windows. I know it's a terrible practice to keep it in the cleartext in the registry so I was curious if anyone has tried to make this feature more secure. I did some Google searches but turned up with nada. Any info appreciated,
-wire
Current thread:
- RE: encrypting Autologon credentials? Rob Shein (Feb 05)
- Re: encrypting Autologon credentials? wirepair (Feb 05)