Reply to post: Is this another of those "Must have admin privs, access to DC" pre-requisite things?

Windows' authentication 'flaw' exposed in detail

Amorous Cowherder
Facepalm

Is this another of those "Must have admin privs, access to DC" pre-requisite things?

If so then if I have that level of access to a DC, all I have to do is code up a DLL in C that hooks into the Windows LSA API, drop it on a DC, hook the DLL into the registry and it'll start spitting out clear text names and passwords every time a user changes their password!

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019