Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1999_1

Bugtraq archives for 1st quarter (Jan-Mar) 1999: Regarding passwords in registry keys.

Regarding passwords in registry keys.

Ash (ashDRAGONPAW.ORG)
Fri, 19 Feb 1999 17:04:37 -0800

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: M.C.Mar: "Re: [HERT] Advisory #002 Buffer overflow in lsof"
Previous message: der Mouse: "Re: [HERT] Advisory #002 Buffer overflow in lsof"
In reply to: Haze: "Possible Netscape Crypto Security Flaw"

Considering the various threads running around about programs storing
passwords temporarily in Windows registry entries I thought I would point
out that registry keys are never deleted. The registry marks the key as
'unused' and leaves it in place, the entry never replaced or its space
reclaimed. This is why the registry files are always growing.

If you look in the O'Riely "Windows Annoyances" book you will find the
procedures for exporting the registry to text the creating a new one from
that exported file. Requires rebooting into dos and such, very messy. Last
time I did this I saved about a meg.

So, all those 'temporary' keys that hold these juicy bits are in fact left
behind in the registry data files themselves for anyone with a hex editor
to find. Could make for interesting mining I think.

--
Ash <ashdragonpaw.org>

"Love is a Journey, One Heart At a Time."

Next message: M.C.Mar: "Re: [HERT] Advisory #002 Buffer overflow in lsof"
Previous message: der Mouse: "Re: [HERT] Advisory #002 Buffer overflow in lsof"
In reply to: Haze: "Possible Netscape Crypto Security Flaw"