Cached Domain Password on Notebook, secure?

From: Varga Daniel (QI/RZS4) * (Daniel.Varga@de.bosch.com)
Date: 02/18/02

Previous message: Laura A. Robinson: "Re: reading data from RAM"
Next in thread: Eric: "Re: Cached Domain Password on Notebook, secure?"
Reply: Eric: "Re: Cached Domain Password on Notebook, secure?"
Reply: Laura A. Robinson: "Re: Cached Domain Password on Notebook, secure?"
Reply: Skinner, Kit: "RE: Cached Domain Password on Notebook, secure?"
Reply: Varga Daniel (QI/RZS4) *: "RE: Cached Domain Password on Notebook, secure?"
Reply: Toni Heinonen: "RE: Cached Domain Password on Notebook, secure?"
Reply: Skinner, Kit: "RE: Cached Domain Password on Notebook, secure?"
Reply: Toni Heinonen: "RE: Cached Domain Password on Notebook, secure?"
Reply: Gino Genari: "RE: Cached Domain Password on Notebook, secure?"
Reply: Chris Freels: "RE: Cached Domain Password on Notebook, secure?"
Reply: John Redd: "RE: Cached Domain Password on Notebook, secure?"
Reply: Varga Daniel (QI/RZS4) *: "RE: Cached Domain Password on Notebook, secure?"
Reply: Laura A. Robinson: "Re: Cached Domain Password on Notebook, secure?"
Reply: Laura A. Robinson: "Re: Cached Domain Password on Notebook, secure?"
Reply: Rowan.Smith@csiro.au: "RE: Cached Domain Password on Notebook, secure?"
Reply: Rowan.Smith@csiro.au: "RE: Cached Domain Password on Notebook, secure?"
Reply: richard: "RE: Cached Domain Password on Notebook, secure?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Varga Daniel (QI/RZS4) *" <Daniel.Varga@de.bosch.com>
To: "'focus-ms@securityfocus.com'" <focus-ms@securityfocus.com>
Date: Mon, 18 Feb 2002 18:17:27 +0100

Hi all,

do you know, whether it is possible for an attacker to crack the cached
credentials of a domain user on an offline notebook?

I tried lsadump2 (http://razor.bindview.com/tools/desc/lsadump2_readme.html)
but cannot judge whether this information is any useful for an attacker to
get the cached password of a domain user. Does anyone of you?

We plan to roll out EFS to secure our notebooks in case they get lost but as
I see the security of EFS stands and falls with the security of the password
of the user.

Thanks,

--
Daniel

Previous message: Laura A. Robinson: "Re: reading data from RAM"
Next in thread: Eric: "Re: Cached Domain Password on Notebook, secure?"
Reply: Eric: "Re: Cached Domain Password on Notebook, secure?"
Reply: Laura A. Robinson: "Re: Cached Domain Password on Notebook, secure?"
Reply: Skinner, Kit: "RE: Cached Domain Password on Notebook, secure?"
Reply: Varga Daniel (QI/RZS4) *: "RE: Cached Domain Password on Notebook, secure?"
Reply: Toni Heinonen: "RE: Cached Domain Password on Notebook, secure?"
Reply: Skinner, Kit: "RE: Cached Domain Password on Notebook, secure?"
Reply: Toni Heinonen: "RE: Cached Domain Password on Notebook, secure?"
Reply: Gino Genari: "RE: Cached Domain Password on Notebook, secure?"
Reply: Chris Freels: "RE: Cached Domain Password on Notebook, secure?"
Reply: John Redd: "RE: Cached Domain Password on Notebook, secure?"
Reply: Varga Daniel (QI/RZS4) *: "RE: Cached Domain Password on Notebook, secure?"
Reply: Laura A. Robinson: "Re: Cached Domain Password on Notebook, secure?"
Reply: Laura A. Robinson: "Re: Cached Domain Password on Notebook, secure?"
Reply: Rowan.Smith@csiro.au: "RE: Cached Domain Password on Notebook, secure?"
Reply: Rowan.Smith@csiro.au: "RE: Cached Domain Password on Notebook, secure?"
Reply: richard: "RE: Cached Domain Password on Notebook, secure?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: WMI security via ASP.NET app
... maybe you wanna use this troubleshooting page to figure out under which security context you are really executing: ... service using WMI via ManagementObjectSearcher object. ... is impersonating the IIS anonymous user, using a domain user. ...
(microsoft.public.dotnet.framework.aspnet.security)
Re: Security
... web.config file to impersonate a domain user that has access to the database ... registry the domain user and password. ... have Windows Integrated Security set. ... user while running the code under the impersonated account. ...
(microsoft.public.dotnet.framework.aspnet)
security auditing questions
... When both account logon events and logon events are ... enabled in both the Domain Security Policy and the Domain Controllers ... A logged on domain user attempts to connect to a remote share using a UNC ... A domain user supplies the wrong password to the prompt from an IIS ...
(microsoft.public.win2000.security)
Re: What has Windows 2003 Server security done to domain user profiles
... Microsoft MVP (Windows Server: Security) ... > trying to run the program it is unable to read or load it's ini file. ... > Is there a way to allow a domain user to run a program which uses ini ...
(microsoft.public.windows.server.security)
Re: local policy security
... > We need to add a domain user to the locaL POLICY security of 300 servers via ...
(microsoft.public.win2000.security)