[Klug-general] Passwords
David Halliday
david.halliday at gmail.com
Mon Sep 5 09:33:33 UTC 2011
One thought. If security is a concern this is potentially dangerous. A
common way to exploit authentication on windows AD networks is that the
client computer remember the last
10 user-names/passwords successfully authenticated. This is useful to
authenticate people when network availability is unreliable. However if you
are in a public environment or there is a chance that someone might be
interested in exploiting the network then having physical access to a
machine which stores user-names/passwords is a big
security vulnerability, especially if a network admin was one of the last 10
people to access that machine. This is a very common mechanism used to
exploit MS based networks.
More information about the Kent
mailing list