First Critical Windows 8 Security Flaw: Logon Passwords Stored in Plain Text
Softpedia
Decrypting a Windows 8 password is easy, says Passcape
Microsoft says that Windows 8 is the most secure operating system ever, but the first critical security flaw has already been discovered.
Passcape Software developers have discovered that Windows 8 stores user accounts passwords in plain text whenever the user switches to a picture password or a PIN.
As you may know in case you’re a Windows 8 early adopter, the new operating system comes with two new authentication options, allowing users to log in via a picture password or a secure PIN.
“The matter is that these two authentication methods are based on a regular user account. In other words, the user must first have created an account with a regular password and then optionally switch to PIN or picture password authentication. Notably that the original plain-text (!) password to the account also remains in the system,” Passcape wrote in a blog post.
Passwords could, of course, be decrypted and Passcape says that some software solutions especially created in this regard have already been developed.
“Once the user has switched to a new authentication method, his text password is encrypted using the AES algorithm and saved to protected Vault storage in the folder %SYSTEM_DIR%/config/systemprofile/AppData/Local/Microsoft/Vault/4BF4C442-9B8A-41A0-B380-DD4A704DDB28,” the software company explained.
“The text password is not bound to the PIN or picture password; therefore, any user of the PC with the Administrator privileges can easily recover it (the encryption key is protected with system DPAPI).”
Microsoft hasn’t yet commented on the matter, but we’ve contacted the Redmondians for an official statement, so we’ll keep you updated.
