Please create an account to participate in the Slashdot moderation system


Forgot your password?
Slashdot Deals: Cyber Monday Sale Extended! Courses ranging from coding to project management - all eLearning deals 20% off with coupon code "CYBERMONDAY20". ×

Submission + - DPAPI Vulnerability Allows Intruders To Decrypt Personal Data

An anonymous reader writes: Passcape Software has discovered a DPAPI vulnerability that could potentially lead to unauthorized decryption of personal data and passwords of interactive domain users. The vulnerability is present in all Windows Server operating systems. DPAPI, first introduced in Windows 2000, is a technology to protect user and application data on the computer. DPAPI on later operating systems including Windows 2003, Windows Server 2008, and Windows Server 2012 while modified is still compatible with that of Windows 2K. Normally, the API encrypts data using the Master Key derived from the user logon password. However, under certain conditions user data can be decrypted without knowing the corresponding logon password.

Yes, we will be going to OSI, Mars, and Pluto, but not necessarily in that order. -- Jeffrey Honig