
Hazard of "My Network Places" on Windows XP


Clicking "My Network Places" on Windows XP may cause your local log-on password to be transmitted automatically, and unexpectedly, to any number of unspecified computers on the LAN. When "My Network Places" is clicked, Windows XP tries to retrieve the list of shared resources from every computer on the LAN. If no password has been saved for a shared resource, the user's local log-on password is used for that attempt.


Note This functionality is disabled if more than 32 computers with shared resources are detected on your network, if you are joined to a domain, if you are using a dial-up or a VPN connection, or if an administrator has disabled the functionality by using Group Policy.


(from Microsoft KB320138, updated Jan. 9, 2004)


In such a situation, if there is an NT 4.0 (or any other pre-Windows 2000) machine on the LAN, Windows XP will automatically transmit your local log-on password to the NT 4.0 machine using LM authentication when "My Network Places" is clicked. Microsoft explains: "LM authentication is not as strong as Windows NT authentication so some customers may want to disable its use, because an attacker eavesdropping on network traffic will attack the weaker protocol."


To protect the LM hash, Windows XP provides a registry value named NoLMHash, located under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa. If NoLMHash is set to 1 and you then change your password, a real LM hash is no longer generated for the new password. In other words, even if pwdump2 is used, the real LM hash value cannot be obtained: pwdump2 will always show "aad3b435b51404eeaad3b435b51404ee" as the LM hash.


However, the NoLMHash registry value does not affect LM authentication. Even with NoLMHash set to 1, Windows XP automatically transmits your local log-on password to the NT 4.0 machine using LM authentication when "My Network Places" is clicked. It should be noted that Windows XP does not use LM authentication when only Windows 2000 and XP machines are on the LAN, even if "LMCompatibilityLevel" is 0.


To disable this XP feature, perform the following steps.

  1. Open Windows Explorer.
  2. Choose "Folder Options" from the "Tools" menu.
  3. Go to the "View" tab and, under Advanced Settings, clear the "Automatically search for network folders and printers" checkbox.
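The following PowerShell script is an added example, not part of the original article: it audits the three settings this page discusses (NoLMHash, LMCompatibilityLevel, and the "Automatically search for network folders and printers" checkbox) on a Windows host and reports which mitigations are in place. Two assumptions are not stated on the page: that the checkbox is backed by the per-user registry value NoNetCrawling under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced (1 = search disabled), and that the LSA value is spelled LmCompatibilityLevel, where levels 0 and 1 still let the client send LM responses.

```powershell
# Added example (not the article's own code). Audits the registry settings this page
# discusses. Assumptions not on the page: NoNetCrawling backs the Explorer checkbox,
# and LmCompatibilityLevel < 2 means the client may still send LM responses.

function Get-RegistryDword {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (i.e. the default applies).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$Name
}

function Test-LmExposure {
    $lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'

    $noLmHash   = Get-RegistryDword -Path $lsa -Name 'NoLMHash'
    $lmCompat   = Get-RegistryDword -Path $lsa -Name 'LmCompatibilityLevel'
    $noCrawling = Get-RegistryDword -Path $adv -Name 'NoNetCrawling'   # assumed value name

    [pscustomobject]@{
        # NoLMHash = 1: new passwords no longer produce a stored LM hash
        # (the page notes pwdump2 then shows aad3b435b51404eeaad3b435b51404ee).
        LmHashStorageDisabled   = ($noLmHash -eq 1)
        # The page's key point: NoLMHash alone does not stop LM authentication on the
        # wire. An absent value means the Windows XP default (0), which still sends LM.
        LmAuthStillPossible     = ($null -eq $lmCompat -or $lmCompat -lt 2)
        LmCompatibilityLevel    = $lmCompat
        # The checkbox from the procedure above; 1 means Explorer will not enumerate
        # the shares of every LAN computer when "My Network Places" is clicked.
        NetworkCrawlingDisabled = ($noCrawling -eq 1)
    }
}

function Disable-NetworkCrawling {
    # Same effect as clearing the checkbox in Folder Options for the current user
    # (assumes the NoNetCrawling value name; verify before rolling out via policy).
    $adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    if (-not (Test-Path $adv)) { New-Item -Path $adv -Force | Out-Null }
    Set-ItemProperty -Path $adv -Name 'NoNetCrawling' -Value 1 -Type DWord
}

Test-LmExposure | Format-List
```

Run Test-LmExposure first; a host that reports LmHashStorageDisabled as True but LmAuthStillPossible as True is exactly the case the article describes, where the hash is protected on disk yet the password is still offered over LM authentication during share enumeration.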

(May 2002)


Microsoft Knowledge Base Article 256248

Microsoft Knowledge Base Article 299656

Microsoft Knowledge Base Article 320138

FYI: Ten Windows Password Myths (SecurityFocus)

(C)Azbil SecurityFriday Co., Ltd. All rights reserved.