[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <653552211.20060527142704@SECURITY.NNOV.RU>
Date: Sat, 27 May 2006 14:27:04 +0400
From: 3APA3A <3APA3A@...URITY.NNOV.RU>
To: feedb4ck@...k.org
Cc: bugtraq@...urityfocus.com
Subject: Re: LM hashes in a hot-desking environment
Dear feedb4ck@...k.org,
--Thursday, May 25, 2006, 5:46:43 PM, you wrote to bugtraq@...urityfocus.com:
fzo> Although it is a well known fact that Windows desktops and servers still
fzo> use LM Hashes and cache the last ten userids and passwords locally, just
fzo> in-case an Active Directory, Domain, or NDS tree are not available, has
fzo> anyone thought about the consequences of this issue in a hot-desking, or
fzo> flexible working environment?
Windows doesn't cache passwords. If I remember correctly, the cached
value is actually MD5 from NT key and can not be used directly. LM
hashes can be disabled through group policy, see
http://support.microsoft.com/?kbid=299656. Local SAM doesn't store
domain accounts.
fzo> Now, I know what everyone is saying, wait a minute, for PWDUMP to work you
fzo> need to be administrator to the local machine. But think again, how
fzo> often is this the case? Many companys only look to restrict network
fzo> access - as restricting local access may cause issues with applications
fzo> which need to access the local drive.
If your users on shared hosts work with local administrators privileges
- you have no security at all. Forget about about PWDUMP, it's too hard.
Think about trojans and keyloggers user can install to obtain
credentials of different user. Even more: if you have shared computer
and you have no physical security, everyone can install hardware
keylogger.
Your problem is you have strange approach to security. Good approach is:
What should I protect?
--
~/ZARAZA
http://www.security.nnov.ru/
Powered by blists - more mailing lists