Jump to content

Has anyone ever heard of a local LSA secrets file on a Windows workstation being compromised?

Guest Spin

By Guest Spin
in Techno Babble

 Share

Recommended Posts

Guest Spin

Guest Spin

Posted
Posted

Gurus,

 

Has anyone ever heard of a local LSA secrets file on a Windows workstation

being compromised?

 

--

Spin

  • Replies 2
  • Created
  • Last Reply

Popular Days

Popular Days

Guest S. Pidgorny

Guest S. Pidgorny

Posted
Posted

Re: Has anyone ever heard of a local LSA secrets file on a Windowsworkstation being compromised?

 

LSA Secrets are not secured. It may take a while to brute force

individual entries though.

 

 

--

Svyatoslav Pidgorny, MS MVP - Security, MCSE

-= F1 is the key =-

 

http://sl.mvps.org http://msmvps.com/blogs/sp

 

Spin wrote:<span style="color:blue">

> Gurus,

>

> Has anyone ever heard of a local LSA secrets file on a Windows workstation

> being compromised?

>

> --

> Spin

>

>

> </span>

Guest Spin

Guest Spin

Posted
Posted

Understood. They exist in plain text inside the LSA Secrets memory process.

One would need to attack that to dump the entries. By default, one needs

SecDebugProcess right in order to do so, by default this is only granted to

Administrators. Which is why one needs to secure the local admin account

and all members of the Administrators to the best of their abilities.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...