Full Disclosure mailing list archives
Re: Retrieve info in Protected Storage of other users
From: Nicolas RUFF <nicolas.ruff () gmail com>
Date: Tue, 27 Sep 2005 10:37:04 +0200
lpf () exemail com au wrote:
So far, I can only find tools to retrieve info in WinXP's Protected Storage for the "current" user (e.g. pspr from elcomsoft, or C&A). However, there is no tools to retrieve other users' Protected Storage info - assuming that I can login as local administrator. Is Protected Storage really that "save", and can prevent other users (including admin users) on the same system from snooping in my secret stored in the Protected Storage ?
The protected storage is encrypted with the user logon password. Even an administrator cannot gain access to another user's protected storage. However, he can gain access to the user password through other means (ex. pwdump + john). If an administrator try to reset a user password on Windows XP, he gets a message saying that all user secrets stored in protected storage will be lost. More info on : http://msdn.microsoft.com/library/en-us/dnsecure/html/windataprotection-dpapi.asp Regards, - Nicolas RUFF Security researcher @ EADS-CCR _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Retrieve info in Protected Storage of other users lpf (Sep 26)
- Re: Retrieve info in Protected Storage of other users Nicolas RUFF (Sep 27)