Has anyone ever heard of a local LSA secrets file on a Windows workstation being compromised?


Spin

Gurus,

Has anyone ever heard of a local LSA secrets file on a Windows workstation
being compromised?

--
Spin
 

S. Pidgorny

Re: Has anyone ever heard of a local LSA secrets file on a Windows workstation being compromised?

LSA Secrets are not secured. It may take a while to brute force
individual entries though.


--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

* http://sl.mvps.org * http://msmvps.com/blogs/sp *

Spin wrote:
> Gurus,
>
> Has anyone ever heard of a local LSA secrets file on a Windows workstation
> being compromised?
>
> --
> Spin
>
>
>
 

Spin

Understood. They exist in plain text inside the LSA Secrets memory process.
One would need to attack that to dump the entries. By default, one needs the
SecDebugProcess right in order to do so; by default this is only granted to
Administrators. Which is why one needs to secure the local admin account
and all members of the Administrators to the best of their abilities.
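
A way to check the point made in this thread, that the debug right should be held only by Administrators. This is an added example, not code from any poster. It assumes the user rights were exported with `secedit /export /areas USER_RIGHTS /cfg rights.inf`, where the "Debug programs" right appears as `SeDebugPrivilege`; the sample export, its second SID and the account name `svc_deploy` are constructed.

```python
"""Audit which principals hold the "Debug programs" right in a secedit export."""

# Well-known SID of the built-in Administrators group.
ADMINISTRATORS_SID = "S-1-5-32-544"

# Constructed sample of a user-rights export; the domain SID and the
# account name below are invented for illustration.
SAMPLE_EXPORT = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551
SeDebugPrivilege = *S-1-5-32-544,*S-1-5-21-1111111111-2222222222-3333333333-1104,svc_deploy
[Version]
signature="$CHICAGO$"
Revision=1
"""


def privilege_holders(inf_text, privilege="SeDebugPrivilege"):
    """Return the principals granted `privilege` in the [Privilege Rights] section."""
    in_section = False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
            continue
        if not in_section or "=" not in line:
            continue
        name, _, value = line.partition("=")
        if name.strip().lower() == privilege.lower():
            # SIDs carry a leading '*'; accounts may also appear by name.
            return [p.strip().lstrip("*") for p in value.split(",") if p.strip()]
    return []  # right not assigned to anyone


def unexpected_holders(inf_text, allowed=(ADMINISTRATORS_SID,)):
    """Principals holding the debug right that are not on the allow-list."""
    allowed_lc = {a.lower() for a in allowed}
    return [p for p in privilege_holders(inf_text) if p.lower() not in allowed_lc]


if __name__ == "__main__":
    for principal in unexpected_holders(SAMPLE_EXPORT):
        print("review debug right for:", principal)
```

secedit writes its export as UTF-16, so open a real `rights.inf` with `encoding="utf-16"` before passing its text to these functions.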
 