[prev in list] [next in list] [prev in thread] [next in thread]
List: pen-test
Subject: RE: Where are Windows "Enforce password history" passwords stored?
From: "Nick Duda" <nduda () VistaPrint ! com>
Date: 2005-08-31 11:21:55
Message-ID: 6570EF1DE8D49B469FD6397DE5558AE509AB50E0 () lexmail ! vistaprint ! net
[Download RAW message or body]
I agree...having access to pas passwords is a big gain. Consider the
following, an employee uses the following password scheme, Password1,
Password2, Password3, Password4 and the current password is Password5.
I'll bet you I know what the next password will be.
- Nick
-----Original Message-----
From: Wil.Allsopp@ins.com [mailto:Wil.Allsopp@ins.com]
Sent: Tuesday, August 30, 2005 4:59 PM
To: pen-test@securityfocus.com
Subject: RE: Where are Windows "Enforce password history" passwords
stored?
James Leighe [jamesleighe@gmail.com] wrote:
>It's stored as a hash, so if you find out how to access them, you
>would have to crack it. So basically, it's not worth the time when an
>attacker could just go for the current password.
This shows a fundamental misunderstanding of security as well as the way
hackers think. There are many advantages for an attacker to have your
previous passwords - passwords are reused and some may be current on
peripheral or entirely separate systems.
Wil
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic