1. Check out OCAU's review of the SpaceX Starlink satellite internet service!
    Dismiss Notice

Windows 365 announced and yes dear god I wish this was a joke but it's not.

Discussion in 'Windows Operating Systems' started by metamorphosis, Jul 15, 2021.

  1. fnp

    fnp Member

    Joined:
    Apr 20, 2004
    Messages:
    2,289
    Location:
    Wait Awhile
  2. PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    14,619
  3. cvidler

    cvidler Member

    Joined:
    Jun 29, 2001
    Messages:
    15,355
    Location:
    Canberra
    why are the creds stored in plain text anyway?

    they have API's to securely* store creds, so some first grader programmer and MS fucked up, then some numpty reviewer didn't review it.
    endless chain of fail.

    *well not in plain text at least
     
  4. PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    14,619
    They aren't stored in plain text. Mimikatz decrypts them for you.
    It can do this when it's running as local admin, because it has access to all the memory and processes where the passwords are stored, and all the bits used to encrypt them.
     
  5. millsy

    millsy Member

    Joined:
    Mar 31, 2007
    Messages:
    13,560
    Location:
    Brisbane
    The issue is more they're not implementing their own recommended better practice, e.g. credential guard.
     

Share This Page

Advertisement: