[NTSEC] Plaintext passwords exist in registry (fwd)

17 Dec 2003

      =====================================Kaos=Keraunos=Kybernetos==============
.+.^.+.|  Ray Arachelian    | "Boy meets beer.  Boy drinks Beer,     |./|\.
..\|/..|sunder@sundernet.com|        Boy gets another beer!"         |/\|/\
<--*-->| ------------------ |                                        |\/|\/
../|\..| "A toast to Odin,  | For with those which eternal lie, with |.\|/.
.+.v.+.|God of screwdrivers"| strange aeons, even death may die.     |.....
======================== http://www.sundernet.com =========================

---------- Forwarded message ----------
Date: Wed, 28 May 1997 09:17:53 -0700
From: Bill Stout <stoutb@pios.com>
To: PHILIPB@Omnicell.com, chris@auditek.com, ntsecurity@iss.net
Subject: [NTSEC] Plaintext passwords exist in registry

Most facinating what you find if you look. 

The registry does store some passwords in plain text.  The importance of the
passwords you do find depends on your installation.  I found 'password' and
'username' entries at the below locations, but not much software was
installed on these NT boxes.  Searching the NT registry for my password
string did not did not display anything, searching the W95 registry for my
specific password string found it in many places:

password locations:
hkey_local_machine\system\controlset001\services\gophersvc\parameters
                      ...\controlset002\"
                      ...\curentcontrolset\"
                                             ...\msftpsvc\parameters
                                             ...\w3svc\parameters\

username locations:
\hkey+local_machine\software\microsoft\windowsnt\currentversion\winlogon\
                ...\system\controlset001\services\bh\parameters
                      ...\controlset002\"
                      ...\curentcontrolset\"
                ...\services\gophersvc\parameters\anonymouseusername
                                              ...\logsqlusername
                         ...\msftpsvc\parameters\anonymoususername
                                             ...\logsqlusername
                         ...\w3svc\parameters\anonymoususername
                                             ...\logsqlusername

_____________________________________________________________________________
Bill Stout       (Systems Engineer/Consultant)         stoutb@pios.com
Pioneer Standard (Computer Systems & Components)       http://www.pios.com/
San Jose, CA     (Location of 1 of 52 U.S. offices)    (408) 954-9100
*My opinions do not reflect that of the company, and visa-versa, thankfully.*