Re: RAS 'save password' problems...

martin Dolphin (mdolphin@POBOX.COM)
Sun, 22 Mar 1998 17:03:47 -0600

Jim,

I try to stay away from 95 as much as possible, however I would *assume*
that 95 would save this information in the .pwl file as that is where it
*should* store passwords in 95. LSA secrets doesn't work on 95 so it
doesn't seem that MS didn't implement the registry secrets in 95. Also,
you can crack a .pwl file using Glide.exe **IF** the password patch was not
applied.

You could prevent 95 users from saving thier password by using the system
policy editor and disabling password caching. Users can override this by
changing the registry value but the next time they logon the policy will be
refreshed. If the users need to reenter the password each time they might
be less likely to use this functionallity.

At 03:20 PM 3/20/98 -0500, Jim Hebert wrote:
>On Fri, 20 Mar 1998, Aleph One wrote:
>
>
>Any word on this for '95 machines? I know of offices running 95 where
>employees have given themselves a modem and decided that they should be
>dialing out to their ISP from work. I'd like to send word along to them
>about this as it affects 95.
>
>(Yeah, I know, the other list is *nt*bugtraq... :-> )
>
>thanks,
>jim
>