RE: encrypting Autologon credentials?

From: Rob Shein (shoten@starpower.net)
Date: Wed Feb 04 2004 - 16:43:37 EST


I'm thinking that the general idea is that if someone's going to use
autologon in the first place, you're not throwing much of a speedbump up by
encrypting the password in the registry. If the registry is
network-accessible without authentication, the machine is pretty vulnerable;
if it's not, then the attacker needs access to the machine itself, and
again, the machine is already logged in and therefore pretty vulnerable.

> -----Original Message-----
> From: wirepair [mailto:wirepair@roguemail.net]
> Sent: Wednesday, January 28, 2004 3:40 PM
> To: pen-test@securityfocus.com
> Subject: encrypting Autologon credentials?
>
>
> lo all,
> I'm curious if anyone has ever seen anything on encrypting
> the "Autologon" feature of Windows. I know it's a terrible
> practice to keep it in the cleartext in the registry so I was
> curious if anyone has tried to make this feature more secure.
> I did some Google searches but turned up with nada. Any info
> appreciated, -wire


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:47 EDT