[TOOL] RegistryBrowser Allows Remote Registry Access to HKEY_CURRENT_USER
From: support@securiteam.com
Date: 11/27/01
From: support@securiteam.com
To: list@securiteam.com
Subject: [TOOL] RegistryBrowser Allows Remote Registry Access to HKEY_CURRENT_USER
Message-Id: <20011127215141.C6752138BF@mail.der-keiler.de>
Date: Tue, 27 Nov 2001 22:51:41 +0100 (CET)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
RegistryBrowser Allows Remote Registry Access to HKEY_CURRENT_USER
------------------------------------------------------------------------
DETAILS
The Microsoft Windows Registry Editor can view five predefined and
reserved keys in the registry: HKEY_LOCAL_MACHINE, HKEY_USERS,
HKEY_CURRENT_CONFIG, HKEY_CLASSES_ROOT, and HKEY_CURRENT_USER.
HKEY_CURRENT_USER is a subkey of HKEY_USERS. It is the registry key used
by the user who is currently logged on to the system.
When you log on to Windows NT/2000 locally, you can edit your personal
registry settings in HKEY_USERS or HKEY_CURRENT_USER using the Registry
Editor. At the same time, HKEY_CURRENT_USER can be accessed and modified
remotely. In other words, you can edit your personal registry settings
(HKEY_CURRENT_USER) using your account and password from a remote
computer, provided that you are also logged on to the target computer
locally.
If your account and password are stolen, it becomes a very serious
security problem since someone who knows your account and password can
edit your personal registry settings.
RegistryBrowser is a utility that demonstrates this security issue. It
can browse a remote system's registry using a specified user account. Try
accessing HKEY_CURRENT_USER remotely while you are logged on locally and
again while you are logged off.
ADDITIONAL INFORMATION
The tool can be downloaded from:
http://www.securityfriday.com/Topics/win_reg.html
The information has been provided by Urity <urity@securityfriday.com>.
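
An added example, not part of the original advisory or the RegistryBrowser tool: a PowerShell audit that lists the user hives currently loaded under HKEY_USERS (each one is a user's HKEY_CURRENT_USER) and reports the state of the Remote Registry service. It assumes a current Windows host with PowerShell; the service name RemoteRegistry and the function names are not from the advisory.

```powershell
# Added example: which users' HKEY_CURRENT_USER hives are loaded right now,
# and is the service that answers remote registry connections running?

function Get-LoadedUserHive {
    # A user's HKEY_CURRENT_USER is the subkey of HKEY_USERS named after the
    # account SID. Skip .DEFAULT, the built-in service SIDs (S-1-5-18/19/20)
    # and the "<SID>_Classes" companion hives.
    Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' } |
        ForEach-Object {
            $sid = $_.PSChildName
            try {
                $sidObj  = New-Object System.Security.Principal.SecurityIdentifier($sid)
                $account = $sidObj.Translate([System.Security.Principal.NTAccount]).Value
            } catch {
                # Deleted account, or the domain cannot be reached to resolve it.
                $account = '(unresolved SID)'
            }
            [pscustomobject]@{ Sid = $sid; Account = $account }
        }
}

function Get-RemoteRegistryExposure {
    # Assumption: the service is registered under the name RemoteRegistry.
    $svc   = Get-CimInstance -ClassName Win32_Service -Filter "Name='RemoteRegistry'"
    $hives = @(Get-LoadedUserHive)

    $state     = 'not installed'
    $startMode = 'n/a'
    if ($svc) {
        $state     = $svc.State
        $startMode = $svc.StartMode
    }

    [pscustomobject]@{
        RemoteRegistryState     = $state
        RemoteRegistryStartMode = $startMode
        LoadedUserHives         = $hives.Count
        # Loaded hives only matter remotely if the service is accepting connections.
        UserHivesReachable      = ($state -eq 'Running' -and $hives.Count -gt 0)
        Accounts                = ($hives | ForEach-Object { $_.Account }) -join ', '
    }
}

Get-RemoteRegistryExposure | Format-List
```

Run it from an elevated PowerShell session on the host being reviewed.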