Registry Permissions Could Expose Cryptographic Keys
Reported April 12, 2000 by
Sergio Tabanelli
VERSIONS AFFECTED
  • Windows NT Server 4.0
  • Windows NT Server 4.0 Enterprise Edition
  • Windows NT Server 4.0 Terminal Server Edition
  • Windows NT Workstation 4.0

    DESCRIPTION

    According to Microsoft's report, loose permissions on the following registry key could allow a user to compromise the cryptographic keys of other users that might use the same system:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Offload

    The key is designed to point to a DLL-based driver for a hardware-based encryption accelerator. Such a DLL has access to crypto keys stored on the NT machine, and thus a Trojan DLL could be developed that could gain access to the crypto keys. Because the registry key has loose security permissions, any user that can log on interactively could set the registry key to point to a Trojan DLL.
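
A check a defender might run against the key named above, as an added example that is not part of the original advisory or of Microsoft's patch: it lists allow entries that grant write-type rights on the Offload key to anyone other than SYSTEM and Administrators. The function name and the trusted-SID list are assumptions, and the script needs a Windows system with PowerShell.

```powershell
# Added example: list principals that can modify the Offload key from the advisory.
$OffloadKey = 'HKLM:\SOFTWARE\Microsoft\Cryptography\Offload'

# Rights that allow changing what the key points to, or rewriting its ACL or owner.
$WriteRights = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'

# Assumption: only these well-known SIDs should hold write access; extend as needed.
$TrustedSids = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544'   # BUILTIN\Administrators
)

function Get-LooseRegistryWriteAccess {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "Key not found: $Path"
        return
    }

    # Ask for SIDs rather than names so the comparison is locale-independent.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $rules = (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType)

    foreach ($rule in $rules) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        if (($rule.RegistryRights -band $WriteRights) -eq 0) { continue }
        if ($TrustedSids -contains $rule.IdentityReference.Value) { continue }

        # Resolve the SID to an account name for the report; keep the SID if that fails.
        $name = $rule.IdentityReference.Value
        try { $name = $rule.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value } catch { }

        [pscustomobject]@{
            Principal = $name
            Sid       = $rule.IdentityReference.Value
            Rights    = $rule.RegistryRights
            Inherited = $rule.IsInherited
        }
    }
}

# Any row in the output is an account able to change where the key points.
Get-LooseRegistryWriteAccess -Path $OffloadKey | Format-Table -AutoSize
```

An empty result means no principal outside the trusted list holds write-type rights on the key.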

    VENDOR RESPONSE

    Microsoft has issued a patch for Intel and Alpha platforms, a FAQ, and Support Online article Q259496.

    CREDITS
    Discovered and reported by
    Sergio Tabanelli