DUN Credentials Cached When Save Password Not Selected with RAS

ID: Q230681

The information in this article applies to:
  • Microsoft Windows NT Workstation versions 4.0, 4.0 SP1, 4.0 SP2, 4.0 SP3, 4.0 SP4, 4.0 SP5
  • Microsoft Windows NT Server versions 4.0, 4.0 SP1, 4.0 SP2, 4.0 SP3, 4.0 SP4, 4.0 SP5
  • Microsoft Windows NT Server, Enterprise Edition versions 4.0, 4.0 SP4, 4.0 SP5

SYMPTOMS

When you use the Dial-Up Networking client software for Microsoft RAS to connect to a server, a dialogue box requests the user's User ID and password for the server. In the same dialogue box is the Save Password check box, which is intended to provide the user with the option to cache their security credentials if desired. However, the implemented client functionality actually caches the user's credentials regardless of whether the check box is selected or not.


RESOLUTION

To resolve this problem, obtain the latest service pack for Windows NT 4.0 or the individual software update. For information on obtaining the latest service pack, please go to:

For information on obtaining the individual software update, contact Microsoft Product Support Services. For a complete list of Microsoft Product Support Services phone numbers and information on support costs, please go to the following address on the World Wide Web:
http://www.microsoft.com/support/supportnet/overview/overview.asp

This hotfix has been posted to the following Internet location as Pwdfixi.exe (x86) and Pwdfixa.exe (Alpha):
ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/Hotfixes-PostSP5/RASPassword-fix/


STATUS

Microsoft has confirmed this to be a problem in the Microsoft products listed at the beginning of this article. This problem was first corrected in Windows NT 4.0 Service Pack 6.


MORE INFORMATION

For information on this problem using Microsoft Routing and Remote Access Server (RRAS) as a Dial-Up Networking client, please see the following article in the Microsoft Knowledge Base:

Q233303 DUN Credentials Cached When Save Password Not Selected with RRAS
Cached security credentials, including passwords, are stored and encrypted in the registry and protected by an access control list (ACL). RAS uses Local Security Authority (LSA) Secrets to store the entries. The default ACL values only allow administrators and the user associated with the credentials to gain access to these registry entries.

Additional encryption for LSA Secrets is available to provide protection for this information when stored on backup tapes, the Emergency Repair Disk, or other registry backups using the System Key option. For information on System Key (Syskey.exe) functionality, please refer to the following article in the Microsoft Knowledge Base:
Q143475 Windows NT System Key Permits Strong Encryption of the SAM
For additional security-related information about Microsoft products, please visit the following Microsoft Web site:
http://www.microsoft.com/security/

Additional query words:

Keywords : kbnetwork ntras ntsecurity ntsp NT4SP6Fix
Version : winnt:4.0,4.0 SP1,4.0 SP2,4.0 SP3,4.0 SP4,4.0 SP5
Platform : winnt
Issue type : kbbug


Last Reviewed: October 28, 1999
© 2000 Microsoft Corporation. All rights reserved. Terms of Use.