Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×

+ - DPAPI Vulnerability Allows Intruders To Decrypt Personal Data

Submitted by Anonymous Coward
An anonymous reader writes "Passcape Software has discovered a DPAPI vulnerability that could potentially lead to unauthorized decryption of personal data and passwords of interactive domain users. The vulnerability is present in all Windows Server operating systems. DPAPI, first introduced in Windows 2000, is a technology to protect user and application data on the computer. DPAPI on later operating systems including Windows 2003, Windows Server 2008, and Windows Server 2012 while modified is still compatible with that of Windows 2K. Normally, the API encrypts data using the Master Key derived from the user logon password. However, under certain conditions user data can be decrypted without knowing the corresponding logon password."

The secret of success is sincerity. Once you can fake that, you've got it made. -- Jean Giraudoux

Working...