DOCUMENT:Q233303
TITLE   :DUN Credentials Cached When Save Password Not Selected with RRAS
PRODUCT :Windows NT
PROD/VER:4.0
OPER/SYS:WINDOWS NT
KEYWORD :kbbug4.00 kbfix4.00

-------------------------------------------------------------------------------
The information in this article applies to:

 - Microsoft Windows NT Server versions 4.0, 4.0 SP1, 4.0 SP2, 4.0 SP3, 4.0 SP4
 - Microsoft Windows NT Server, Enterprise Edition versions 4.0, 4.0 SP4
-------------------------------------------------------------------------------

SYMPTOMS
========

When you have Routing and Remote Access Service for Windows NT 4.0 installed on
your computer and you are using the Dial-Up Networking client software to
connect to a server, a dialogue box requests the user's User ID and password
for the server. In the same dialogue box is the Save Password check box, which
is intended to provide the user with the option to cache their security
credentials if desired. However, the implemented client functionality actually
caches the user's credentials regardless of whether the check box is selected
or not.

RESOLUTION
==========

A supported fix that corrects this problem is now available from Microsoft, but
has not been fully regression tested and should be applied only to systems
determined to be at risk of attack. Please evaluate your system's physical
accessibility, network and Internet connectivity, and other factors to
determine the degree of risk to your system. If your system is sufficiently at
risk, Microsoft recommends you apply this fix. Otherwise, wait for the next
Windows NT 4.0 service pack that contains this fix.

To resolve this problem immediately, contact Microsoft Product Support Services
to obtain the fix.
For a complete list of Microsoft Product Support Services phone numbers and
information on support costs, please go to the following address on the World
Wide Web:

   http://support.microsoft.com/support/supportnet/default.asp

The English version of this fix should have the following file attributes or
later:

   Date      Time    Size     File name     Platform
   ------------------------------------------------------
   05/25/99  03:44p  131,344  Rasapi32.dll  x86
   05/25/99  03:46p  396,048  Rasdlg.dll    x86
   05/25/99  03:42p  203,024  Rasapi32.dll  Alpha
   05/25/99  03:44p  577,808  Rasdlg.dll    Alpha

This hotfix has been posted to the following Internet location as Rpwdfixi.exe
(x86) and Rpwdfixa.exe (Alpha):

   ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/Hotfixes-PostSP5/RRASPassword-fix/

NOTE: If this product was already installed on your computer when you purchased
it from the Original Equipment Manufacturer (OEM) and you need this fix, please
call the Pay Per Incident number listed on the above Web site. If you contact
Microsoft to obtain this fix, and if it is determined that you only require the
fix you requested, no fee will be charged. However, if you request additional
technical support, and if your no-charge technical support period has expired,
or if you are not eligible for standard no-charge technical support, you may be
charged a non-refundable fee.

For more information about eligibility for no-charge technical support, see the
following article in the Microsoft Knowledge Base:

   Q154871 Determining If You Are Eligible for No-Charge Technical Support

STATUS
======

Microsoft has confirmed this problem could result in some degree of security
vulnerability in Windows NT 4.0.
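
An added example, not part of the Microsoft article: a Python check that compares `dir` listings collected from NT hosts against the file-attribute table in the RESOLUTION section, including the two-digit-year rollover that an "or later" comparison has to get right. The sample listing and the status labels are constructed for illustration.

```python
from datetime import datetime

# Rows copied from the article's file-attribute table.
BASELINE_TABLE = """\
05/25/99 03:44p 131,344 Rasapi32.dll x86
05/25/99 03:46p 396,048 Rasdlg.dll x86
05/25/99 03:42p 203,024 Rasapi32.dll Alpha
05/25/99 03:44p 577,808 Rasdlg.dll Alpha
"""

# Constructed sample of NT `dir` output (dates and sizes are made up).
SAMPLE_DIR = [
    " Directory of C:\\WINNT\\system32",
    "10/14/96  01:38a               129,808 RASAPI32.DLL",
    "01/10/00  09:12a               396,560 RASDLG.DLL",
]

def parse_row(line):
    """Parse 'MM/DD/YY HH:MMa|p SIZE NAME [PLATFORM]'; raise ValueError otherwise."""
    parts = line.split()
    date, time, size, name = parts[:4]
    if time[-1].lower() not in "ap":
        raise ValueError("no am/pm marker")
    hh, mm = time[:-1].split(":")
    hour = int(hh) % 12 + (12 if time[-1].lower() == "p" else 0)
    # %y maps 69-99 to 19xx and 00-68 to 20xx, so 01/10/00 sorts after 05/25/99.
    day = datetime.strptime(date, "%m/%d/%y")
    stamp = day.replace(hour=hour, minute=int(mm))
    platform = parts[4].lower() if len(parts) > 4 else None
    return name.lower(), stamp, int(size.replace(",", "")), platform

def load_baseline(table=BASELINE_TABLE):
    rows = (parse_row(line) for line in table.splitlines())
    return {(plat, name): (stamp, size) for name, stamp, size, plat in rows}

def audit(dir_lines, platform):
    """Return {dll: 'ok' | 'pre-fix' | 'mismatch' | 'missing'} for one host."""
    plat = platform.lower()
    baseline = {n: v for (p, n), v in load_baseline().items() if p == plat}
    result = {name: "missing" for name in baseline}
    for line in dir_lines:
        try:
            name, stamp, size, _ = parse_row(line)
        except ValueError:
            continue  # header, summary or <DIR> line
        if name in baseline:
            ref_stamp, ref_size = baseline[name]
            if stamp < ref_stamp:
                result[name] = "pre-fix"
            elif stamp == ref_stamp and size != ref_size:
                result[name] = "mismatch"  # same build time, unexpected size
            else:
                result[name] = "ok"
    return result
```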
MORE INFORMATION
================

For information on this problem in the Microsoft Remote Access Service (RAS)
client, please see the following article in the Microsoft Knowledge Base:

   Q230681 RAS Credentials Cached when "Save Password" Option Cleared

Cached security credentials, including passwords, are stored and encrypted in
the registry and protected by an access control list (ACL). RAS uses Local
Security Authority (LSA) Secrets to store the entries. The default ACL values
allow only administrators and the user associated with the credentials to
access these registry entries.

Additional encryption for LSA Secrets is available through the System Key
option to provide protection for this information when stored on backup tapes,
the Emergency Repair Disk, or other registry backups. For information on System
Key (Syskey.exe) functionality, please refer to the following article in the
Microsoft Knowledge Base:

   Q143475 Windows NT System Key Permits Strong Encryption of the SAM

For additional security-related information about Microsoft products, please
visit the following Microsoft Web site:

   http://www.microsoft.com/security/

============================================================================

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS"
WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER
EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS
BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL,
CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT
CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH
DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR
CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.