Dear feedb4ck@xxxxxxxx, --Thursday, May 25, 2006, 5:46:43 PM, you wrote to bugtraq@xxxxxxxxxxxxxxxxx: fzo> Although it is a well known fact that Windows desktops and servers still fzo> use LM Hashes and cache the last ten userids and passwords locally, just fzo> in-case an Active Directory, Domain, or NDS tree are not available, has fzo> anyone thought about the consequences of this issue in a hot-desking, or fzo> flexible working environment? Windows doesn't cache passwords. If I remember correctly, the cached value is actually MD5 from NT key and can not be used directly. LM hashes can be disabled through group policy, see http://support.microsoft.com/?kbid=299656. Local SAM doesn't store domain accounts. fzo> Now, I know what everyone is saying, wait a minute, for PWDUMP to work you fzo> need to be administrator to the local machine. But think again, how fzo> often is this the case? Many companys only look to restrict network fzo> access - as restricting local access may cause issues with applications fzo> which need to access the local drive. If your users on shared hosts work with local administrators privileges - you have no security at all. Forget about about PWDUMP, it's too hard. Think about trojans and keyloggers user can install to obtain credentials of different user. Even more: if you have shared computer and you have no physical security, everyone can install hardware keylogger. Your problem is you have strange approach to security. Good approach is: What should I protect? -- ~/ZARAZA http://www.security.nnov.ru/
