
DPAPI Vulnerability Allows Intruders to Decrypt Personal Data

Passcape Software has discovered a DPAPI vulnerability that could potentially lead to unauthorized decryption of personal data and passwords of interactive domain users. The vulnerability is present in all Windows Server operating systems.

PRLog - Jul. 10, 2014 - DPAPI, first introduced in Windows 2000, is a technology for protecting user and application data on the computer. DPAPI in later operating systems, including Windows 2003, Windows Server 2008, and Windows Server 2012, has been modified but remains compatible with that of Windows 2K. Normally, the API encrypts data using the Master Key derived from the user logon password.

However, as Passcape Software discovered, under certain conditions user data can be decrypted without knowing the corresponding logon password. In particular, the DPAPI implementation in all systems after Windows 2000 builds the Master Key with the PBKDF2 function from the SHA-1 hash of the password, whereas the classic algorithm introduced in Windows 2K uses the MD4 hash instead. Since MD4 hashes are already stored in the SAM registry or in Active Directory, decryption becomes possible even without the logon password.

The vulnerability relies on the fact that later versions of DPAPI are backward compatible with the Win2K algorithm. By manipulating Bit 4 of the dwPolicy flag, an application can instruct the OS to create the Master Key in compatibility mode, rendering the logon password unnecessary. Even worse, the bit is off by default, so decrypting the data of newly created domain users with interactive logon privileges on Windows server systems doesn't require the logon password from the start.

Experts at Passcape Software recommend that system administrators take this flaw into consideration in order to guarantee reliable protection of users' data on server systems.

More information about the vulnerability can be found on Passcape's blog: http://passcape.com/index.php?setLang=2&section=blog&...


Passcape Software was founded in 2005. The company focuses on security breach investigations, password recovery software and IT audit products. Software by the company is widely used by federal and state agencies as well as forensic services, military organizations, business and private consumers. Company website: http://www.passcape.com/index.php?setLang=2


Julia Wunder

