Home page logo

pen-test logo Penetration Testing mailing list archives

RE: encrypting Autologon credentials?
From: "Rob Shein" <shoten () starpower net>
Date: Wed, 4 Feb 2004 16:43:37 -0500

I'm thinking that the general idea is that if someone's going to use
autologon in the first place, you're not throwing much of a speedbump up by
encrypting the password in the registry. If the registry is
network-accessible without authentication, the machine is pretty vulnerable;
if it's not, then the attacker needs access to the machine itself, and
again, the machine is already logged in and therefore pretty vulnerable.

-----Original Message-----
From: wirepair [mailto:wirepair () roguemail net] 
Sent: Wednesday, January 28, 2004 3:40 PM
To: pen-test () securityfocus com
Subject: encrypting Autologon credentials?

lo all,
I'm curious if anyone has ever seen anything on encrypting 
the "Autologon" feature of Windows. I know its a terrible 
practice to keep it in the cleartext in the registry so I was 
curious if anyone has tried to make this feature more secure. 
I did some google searches but turned up with nada. Any info 
appreciated, -wire
Visit Things From Another World for the best
comics, movies, toys, collectibles and more. 



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]