lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Tue Sep 27 09:37:11 2005
From: nicolas.ruff at gmail.com (Nicolas RUFF)
Subject: Retrieve info in Protected Storage of other
	users

lpf@...mail.com.au wrote:
> So far, I can only find tools to retrieve info in WinXP's Protected
> Storage for the "current" user (e.g. pspr from elcomsoft, or C&A).
> 
> However, there is no tools to retrieve other users' Protected Storage info
> - assuming that I can login as local administrator.
> 
> Is Protected Storage really that "save", and can prevent other users
> (including admin users) on the same system from snooping in my secret
> stored in the Protected Storage ?

The protected storage is encrypted with the user logon password.

Even an administrator cannot gain access to another user's protected
storage. However, he can gain access to the user password through other
means (ex. pwdump + john).

If an administrator try to reset a user password on Windows XP, he gets
a message saying that all user secrets stored in protected storage will
be lost.

More info on :
http://msdn.microsoft.com/library/en-us/dnsecure/html/windataprotection-dpapi.asp

Regards,
- Nicolas RUFF
Security researcher @ EADS-CCR

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ