NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > FOCUS-MS> 2003-q3

RE: focus-ms

securityfocus.com

From: Philip Turner (p.turnernewman.ac.uk)
Date: Fri Sep 05 2003 - 03:55:54 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 4 Sep 2003 at 9:31, Perry, Brian wrote:

> If I may....Quoting MS Security Resource Kit... pg.79
>
> Cached Credentials
> "By default, Windows NT, Windows 2000, and Windows XP cache the
> credentials of domain accounts used to log on to the network at the
> local computer. The credentials include the users name, password, and
> domain. Rather than storing the actual credential information, the
> information is stored in an irreversibly encrypted form and on the local
> computer."
>
> "irreversibly"?
>

Shorthand for "impracticably difficult to reverse".

I'd guess the technique goes something like this:

Client calculates encrypted form of credentials and caches them.

When client wants to access a resource on the server it passes
the encrypted credentials to the server with the request.

The server does something equivalent to comparing the passed
encrypted credentials to what it calculates they should be from
its copy of the actual information and grants access if they
match.

Thus using the cached information is not as simple as typing in
a password.

The information can be "password equivalent" however. It should
only take moderate programming skills to alter something like
smbclient (from samba) to skip the credential encryption process
and import extracted information directly into its encrypted
credential cache.

>
> bp
>

<snip>
--
Phil Turner

---------------------------------------------------------------------------
KaVaDo provides the first and only integrated Web application scanner and
firewall security suite that prevent Web applications attacks, the most
common form of online exploitation. Download a FREE whitepaper on Security Policy Automation for Web Applications.
http://www.securityfocus.com/sponsor/KaVaDo_focus-ms_030818
---------------------------------------------------------------------------

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]