Windows 10 null password #40

Closed
MatthewHKnight opened this issue May 18, 2016 · 6 comments

@MatthewHKnight

Just curious about why Windows 10 passwords are showing up as null. I was trying to remember how you get around it showing null, but forgot why the password shows up null. Someone refresh my memory again.

Ran it as Admin, had SmartScreen off and turned off Bitdefender, but I think there was something you had to do to get it to show the password.

@gentilkiwi
Owner

Starting with 8.x and 10, by default, there is no password in memory.

Exceptions:

  • When DC is/are unreachable, the kerberos provider keeps passwords for future negotiation;
  • When HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest, UseLogonCredential (DWORD) is set to 1, the wdigest provider keeps passwords;
  • When values in Allow* in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults or HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation are set, the tspkgs / CredSSP provider keeps passwords.

Of course, not when using Credential Guard.
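
An audit of the settings listed in the comment above, written as an added example for defenders; it is not part of the original thread or of the project. The function names are hypothetical, and because the comment does not say whether the Allow* entries are values or subkeys, the script lists both. The Credential Guard check reads the Win32_DeviceGuard CIM class.

```powershell
# Added example: audit the registry locations named in the comment above.
# Function names are hypothetical; run in an elevated PowerShell session.
function Get-RegistryDword {
    param([string]$Path, [string]$Name)
    # $null means the key or value is absent, i.e. the OS default applies
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Get-AllowEntries {
    param([string]$Path)
    if (-not (Test-Path -Path $Path)) { return @() }
    $key = Get-Item -Path $Path
    # Assumption: Allow* may appear as values or as subkeys, so list both
    $values  = $key.GetValueNames()  | Where-Object { $_ -like 'Allow*' } |
        ForEach-Object { '{0} = {1}' -f $_, $key.GetValue($_) }
    $subkeys = $key.GetSubKeyNames() | Where-Object { $_ -like 'Allow*' } |
        ForEach-Object { "$_ (subkey)" }
    @($values) + @($subkeys)
}

function Get-CleartextCachingAudit {
    $report = @()
    $wdigest = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest'
    $value   = Get-RegistryDword -Path $wdigest -Name 'UseLogonCredential'
    $shown   = if ($null -eq $value) { '(not set)' } else { $value }
    $finding = if ($value -eq 1) { 'wdigest keeps passwords' } else { 'ok' }
    $report += [pscustomobject]@{
        Check = 'WDigest UseLogonCredential'; Value = $shown; Finding = $finding }

    $credsspKeys = @(
        'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults',
        'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation')
    foreach ($path in $credsspKeys) {
        $entries = @(Get-AllowEntries -Path $path)
        $finding = if ($entries.Count -gt 0) { 'review Allow* entries' } else { 'ok' }
        $report += [pscustomobject]@{
            Check = $path; Value = ($entries -join '; '); Finding = $finding }
    }

    # SecurityServicesRunning contains 1 when Credential Guard is running
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
        -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    $cg = ($null -ne $dg) -and ($dg.SecurityServicesRunning -contains 1)
    $finding = if ($cg) { 'ok' } else { 'Credential Guard not running' }
    $report += [pscustomobject]@{
        Check = 'Credential Guard'; Value = $cg; Finding = $finding }
    $report
}

Get-CleartextCachingAudit | Format-List
```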

@MichaelGrafnetter

I have also heard that when you use Remote Desktop RemoteApp, cleartext passwords are cached by the wksprt.exe process and handed over to mstsc.exe on-demand, even on Windows 10. But I did not have time to verify it.

@strasharo

Is this:

When HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest, UseLogonCredential (DWORD) is set to 1, the wdigest provider keeps passwords ;

valid for Windows Server 2012 R2 Standard x64?

It's set, however I'm not able to fetch my creds used in an incoming RDP connection.

@jaegerschnitzel

jaegerschnitzel commented Jul 6, 2017

Is it possible to prevent the kerberos provider from caching passwords? If yes, how?
Even if DCs are reachable the cleartext password is shown under Windows 10 Enterprise x64.

Authentication Id : 0 ; 1568134 (00000000:0017ed86)
Session : CachedInteractive from 1
User Name : sureadm
Domain : INT.CORP
Logon Server : INT03DC
Logon Time : 06.07.2017 14:48:56
SID : S-1-5-21-862xx0103-xxxxxxxxxxxx-xxxxx
msv :
[00000003] Primary
* Username : sureadm
* Domain : INT.CORP
* NTLM : f50ef5a25xxxxxxxxxc141cff311d84xx2d
* SHA1 : 55ef902aecxxxxxxxxxxxxxxxx707d95f5050xxc55e
* DPAPI : 659cb841xxxxxef3c669dxx75
tspkg :
wdigest :
* Username : sureadm
* Domain : INT.CORP
* Password : (null)
kerberos :
* Username : sureadm
* Domain : INT.CORP
* Password : XXXXXX
ssp :
credman :

@gentilkiwi
Owner

Try to push users in protected users group :)

@sekurls123

Is it possible if they are set to Allow* to still get password?
