Windows Authentication

1
Windows Authentication

• Wenqun Li
• Mach 24, 2004

2
Description

• Most forms of user authentication rely on user
  supplied passwords.
• Properly authenticated access is often not
  logged.
• A compromised password offers the attacker an
  opportunity to access a system from inside
  virtually undetected.
• Account with bad or empty passwords are extremely
  common,

3
The most common password vulnerabilities

• User accounts with weak or nonexistent passwords
• Fail to protect passwords
• Administrative accounts with weak or nonexistent
  passwords
• Password hashing algorithms are known

4
Three Windows Authentication Algorithms

• LM (least secure, most compatible)
• NLM
• NTLMv2 (most secure, least compatible)

5
Weakness of LM Hashes

• Passwords are truncated to 14 characters.
• Passwords are padded with spaces to become 14
  characters.
• Passwords are converted to all upper case
  characters.
• Passwords are split into two seven character
  pieces.

6
Operation Systems Affected

• All microsoft windows operating systems.
• An example CVE-0222
• The installation for Windows 2000 does not
  activate the administrator password until the
  system has rebooted, which allows remote
  attackers to connect to the ADMIN share without
  a password until the reboot occurs.

7
How to Protect Against It

• Assure that passwords are consistently strong
• Protect strong passwords
• Tightly control accounts
• Maintain strong password policy for the
  enterprise.
• Disable LM authentication across the network.
• Prevent the LM hash from being stored
• Prevent password hashes and SAM database from be
  being copied.

8
Bibliographic Reference

1. http//www.sans.org/top20/w3
2. http//www.cve.mitre.org/cgi-bin/cvename.cgi?name
   CVE-2000-0222

9
Thank You
Any Questions???