DUN Credentials Cached When Save Password Not Selected with RRAS

ID: Q233303

The information in this article applies to:

Microsoft Windows NT Server versions 4.0, 4.0 SP1, 4.0 SP2, 4.0 SP3, 4.0 SP4
Microsoft Windows NT Server, Enterprise Edition versions 4.0, 4.0 SP4

SYMPTOMS

When you have Routing and Remote Access Service for Windows NT 4.0 installed on your computer and you are using the Dial-Up Networking client software to connect to a server, a dialogue box requests the user's User ID and password for the server. In the same dialogue box is the Save Password check box, which is intended to provide the user with the option to cache their security credentials if desired. However, the implemented client functionality actually caches the user's credentials regardless of whether the check box is selected or not.

RESOLUTION

To resolve this problem, obtain the latest service pack for Windows NT 4.0 or the individual software update. For information on obtaining the latest service pack, please go to:

http://www.microsoft.com/windows/servicepacks/

Q152734 How to Obtain the Latest Windows NT 4.0 Service Pack

For information on obtaining the individual software update, contact Microsoft Product Support Services. For a complete list of Microsoft Product Support Services phone numbers and information on support costs, please go to the following address on the World Wide Web:

http://www.microsoft.com/support/supportnet/overview/overview.asp

This hotfix has been posted to the following Internet location as Rpwdfixi.exe (x86) and Rpwdfixa.exe (Alpha):

ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/Hotfixes-PostSP5/RRASPassword-fix/

STATUS

Microsoft has confirmed this problem could result in some degree of security vulnerability in Windows NT 4.0. This problem was first corrected in Windows NT 4.0 Service Pack 6.

MORE INFORMATION

For information on this problem in the Microsoft Remote Access Service (RAS) client, please see the following article in the Microsoft Knowledge Base:

Q230681 RAS Credentials Cached when "Save Password" Option Cleared

Cached security credentials, including passwords, are stored and encrypted in the registry and protected by an access control list (ACL). RAS uses Local Security Authority (LSA) Secrets to store the entries. The default ACL values only allow administrators and the user associated with the credentials to access these registry entries.

Additional encryption for LSA Secrets is available to provide protection for this information when stored on backup tapes, the Emergency Repair Disk, or other registry backups using the System Key option. For information on System Key (Syskey.exe) functionality, please refer to the following article in the Microsoft Knowledge Base:

Q143475 Windows NT System Key Permits Strong Encryption of the SAM

For additional security-related information about Microsoft products, please visit the following Microsoft Web site:

http://www.microsoft.com/security/

Additional query words:

Keywords : kbnetwork ntras ntsecurity kbbug4.00 kbfix4.00 NT4SP6Fix
Version : winnt:4.0,4.0 SP1,4.0 SP2,4.0 SP3,4.0 SP4
Platform : winnt
Issue type : kbbug