Penetration Testing: RE: Where are Windows "Enforce password history" passwords stored?

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Penetration Testing mailing list archives

RE: Where are Windows "Enforce password history" passwords stored?

From: <Wil.Allsopp () ins com>
Date: Tue, 30 Aug 2005 21:59:03 +0100

James Leighe [jamesleighe () gmail com] wrote:

It's stored as a hash, so if you find out how to access them, you
would have to crack it. So basically, it's not worth the time when an
attacker could just go for the current password.



This shows a fundamental misunderstanding of security as well as the way
hackers think. There are many advantages for an attacker to have your
previous passwords - passwords are reused and some may be current on
peripheral or entirely separate systems.

Wil

By Date By Thread

Current thread:

Re: Where are Windows "Enforce password history" passwords stored?, (continued)
- Re: Where are Windows "Enforce password history" passwords stored? Jean-Baptiste Marchand (Aug 30)
- Re: Where are Windows "Enforce password history" passwords stored? James Leighe (Aug 30)
- RE: Where are Windows "Enforce password history" passwords stored? Steve A (Aug 30)
- RE: Where are Windows "Enforce password history" passwords stored? Soluk, Kirk (Aug 30)
  - RE: Where are Windows "Enforce password history" passwords stored? dave kleiman (Aug 30)
- RE: Where are Windows "Enforce password history" passwords stored? Wil.Allsopp (Aug 30)
- Re: Where are Windows "Enforce password history" passwords stored? totiebash (Aug 31)
- RE: Where are Windows "Enforce password history" passwords stored? Nick Duda (Aug 31)