Penetration Testing
mailing list archives
RE: encrypting Autologon credentials?
From: "Rob Shein" <shoten () starpower net>
Date: Wed, 4 Feb 2004 16:43:37 -0500
I'm thinking that the general idea is that if someone's going to use
autologon in the first place, you're not throwing much of a speedbump up by
encrypting the password in the registry. If the registry is
network-accessible without authentication, the machine is pretty vulnerable;
if it's not, then the attacker needs access to the machine itself, and
again, the machine is already logged in and therefore pretty vulnerable.
-----Original Message-----
From: wirepair [mailto:wirepair () roguemail net]
Sent: Wednesday, January 28, 2004 3:40 PM
To: pen-test () securityfocus com
Subject: encrypting Autologon credentials?
lo all,
I'm curious if anyone has ever seen anything on encrypting
the "Autologon" feature of Windows. I know it's a terrible
practice to keep it in the cleartext in the registry so I was
curious if anyone has tried to make this feature more secure.
I did some Google searches but turned up with nada. Any info
appreciated, -wire
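
An audit check for the two conditions discussed in this thread, as an added example that is not part of the original messages: it reports whether Autologon is enabled with a cleartext password in the registry, and whether the Remote Registry service could expose that key over the network. The Winlogon value names are the standard Windows ones; the function name Get-AutologonFinding is hypothetical.

```powershell
# Added example (not from the thread): local audit of Autologon settings.
# Reports only whether a password is present; it never prints the value.
$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Get-AutologonFinding {
    param([string]$Path = $WinlogonKey)   # hypothetical helper name and parameter

    $p = Get-ItemProperty -Path $Path -ErrorAction Stop

    # AutoAdminLogon is normally a REG_SZ of "1" when Autologon is on.
    $enabled   = ($p.AutoAdminLogon -eq '1')
    # DefaultPassword, when present, is stored as a plain string value.
    $cleartext = -not [string]::IsNullOrEmpty($p.DefaultPassword)

    # Is the registry reachable over the network at all?
    $svc = Get-Service -Name RemoteRegistry -ErrorAction SilentlyContinue

    # Which principals can read the Winlogon key locally?
    $readers = (Get-Acl -Path $Path).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' } |
        ForEach-Object { $_.IdentityReference.Value } |
        Sort-Object -Unique

    $verdict = if (-not $enabled) {
        'Autologon disabled'
    } elseif ($cleartext) {
        'Autologon enabled, cleartext DefaultPassword in registry'
    } else {
        # Windows can also hold the Autologon password as an LSA secret.
        'Autologon enabled, no registry password (may be stored as an LSA secret)'
    }

    [pscustomobject]@{
        Verdict              = $verdict
        UserName             = $p.DefaultUserName
        Domain               = $p.DefaultDomainName
        CleartextPassword    = $cleartext
        RemoteRegistryStatus = if ($svc) { $svc.Status } else { 'NotInstalled' }
        RemoteRegistryStart  = if ($svc) { $svc.StartType } else { $null }
        KeyReaders           = $readers -join '; '
    }
}

Get-AutologonFinding | Format-List
```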