Our recent feature on the growing vulnerability of passwords chronicled the myriad ways crackers extract clues used to guess other people's login credentials. Add to that list the password hint feature built into recent versions of Microsoft's Windows operating system.
It turns out that on Windows 7 and 8 the hints are stored in the registry in a format that merely looks scrambled and can be converted to human-readable text with a few lines of code. That information is an obvious boon to an attacker who has obtained a password hash from a targeted computer but has been unable to crack it, because a hint such as the name of a pet or a child dramatically narrows the space of guesses. Jonathan Claudius, the SpiderLabs vulnerability researcher who documented the behavior, has written a script that automates the extraction and added it to Metasploit, the open-source penetration-testing framework popular among whitehat and blackhat hackers alike.
The hint is written to the registry when a user configures a Windows account with a reminder for its password. When Claudius first saw the long string of letters and numbers holding the hint, he assumed it had been encrypted. On closer examination, he found that an eight-line Ruby script was enough to decode it.
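To show why the "scrambled" value yields so easily, here is an added decoding example in Ruby, the language Claudius and Metasploit use; it is illustrative code written for this page, not the SpiderLabs script or the Metasploit module. It assumes what a registry editor shows: the hint lives in the SAM hive under HKLM\SAM\SAM\Domains\Account\Users\<RID> in a value named UserPasswordHint, stored as REG_BINARY containing the hint text as UTF-16LE (two bytes per character, which is what makes it look like gibberish in a hex view). Reading that hive requires SYSTEM privileges, so in practice this runs as a post-exploitation step alongside a hash dump rather than as an unprivileged user. The sample values below are constructed for the example.

```ruby
# Added example: decode a Windows password hint as stored in the SAM hive
# (HKLM\SAM\SAM\Domains\Account\Users\<RID>\UserPasswordHint).
# The value is REG_BINARY holding the hint as UTF-16LE text. This is
# illustrative code for this page, not the SpiderLabs/Metasploit script.

# Decode the raw REG_BINARY bytes (a binary String) into readable text.
# Decoding as UTF-16LE, rather than just dropping every second byte,
# keeps non-Latin hints intact; the trailing NUL terminator is removed.
def decode_hint_bytes(raw)
  raw.dup
     .force_encoding('UTF-16LE')
     .encode('UTF-8', invalid: :replace, undef: :replace)
     .delete("\0")
     .strip
end

# Registry editors and dump tools usually present REG_BINARY as a hex
# string ("4d 00 79 00 ..."); accept that form, tolerating separators.
def decode_hint_hex(hex)
  clean = hex.gsub(/[^0-9a-fA-F]/, '')
  raise ArgumentError, 'hex string has an odd number of digits' if clean.length.odd?
  decode_hint_bytes([clean].pack('H*'))
end

# Constructed sample: what the value looks like for the hint "My dog's name",
# including the two-byte NUL terminator Windows appends.
SAMPLE_HEX = '4d 00 79 00 20 00 64 00 6f 00 67 00 27 00 73 00 20 00 ' \
             '6e 00 61 00 6d 00 65 00 00 00'

# Constructed sample with a non-Latin hint (U+5BC6 U+7801, "密码"): a naive
# "strip the zero bytes" decoder would mangle this, UTF-16LE decoding does not.
SAMPLE_HEX_CJK = 'c6 5b 01 78 00 00'

if __FILE__ == $PROGRAM_NAME
  puts "Hint: #{decode_hint_hex(SAMPLE_HEX)}"
  puts "Hint: #{decode_hint_hex(SAMPLE_HEX_CJK)}"
end
```

A Metasploit-style post module would obtain the raw bytes from the registry under SYSTEM and pass them to decode_hint_bytes; the hex form exists only so the value copied out of a registry editor can be decoded by hand.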