WINDOWS CLIENT PASSWORD CACHING PROBLEMS
From the "Hack Microsoft" Web Site

By Frank Andrew Stevenson and Peter Gutmann

By default, Windows 95 and Windows for Workgroups implement a "password caching feature" whereby the passwords for all network services (NetWare, NT, Samba, SLIP/PPP service) are automatically and permanently stored in C:\WINDOWS\<USERNAME>.PWL. Microsoft claims they are encrypted securely.

Peter determined that the Windows PWL encryption algorithm was incredibly insecure. Frank wrote a program to break the .PWL files in Windows. (More details are forthcoming; a draft version is currently available.) Source code and a Windows NT executable for the exploit program are available. In effect, anyone with physical or network access to a Windows machine has access to all network passwords used by all users of that machine.

Late afternoon December 14th, Microsoft released an alleged fix (alternate site here) for the problem, which is supposed to make passwords harder to find, but it has not been reviewed by outside experts, and it doesn't even come with a ReadMe file. Unlike Netscape, Microsoft has not published its encryption algorithm for the customary peer review. Until they do, we recommend disabling password caching and user profiles; see the win95netbugs list archive and FAQ.

Peter wrote this modest trojan horse demonstration, mail.zip. Invoke it as mail hackmsoft@c2.org (or whatever address you consider appropriate) on any Windows for Workgroups machine with a TCP/IP connection and it will send you (or anyone else) the first password cached on your machine, unencrypted.

Note that this hack does not contain any decryption code; it merely uses the WNetGetCachedPassword() call, which is available to any program. Proper security architectures, such as the corresponding subsystem in Windows NT, have an internal security perimeter to prevent this kind of thing. This quick hack doesn't support MX aliasing, so you might need to point it directly at your SMTP server. Because some network calls do not seem to be supported in Windows 95, this program currently only works with WFW (but this is only a minor implementation issue, which could be fixed).

"Disabling password caching" does not completely address this vulnerability, because passwords are still stored in memory to facilitate the "automatic reconnect" feature, which is designed to maintain connections through laptop "suspend" mode and temporary network problems. Neither is the alleged fix for Windows 95 (above) relevant.
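The two facts above (cached credentials live in C:\WINDOWS\<USERNAME>.PWL, and the recommended mitigation is to disable password caching) suggest a simple audit an administrator can run before trusting a machine. The script below is an added example written for this page, not code from Frank, Peter, or Microsoft. It inventories .PWL files in a Windows directory and checks a text registry export for the caching policy. The registry key and the DisablePwdCaching value are the documented Windows 95 policy setting, which this article does not name, so treat that location as an assumption; the sample directory and export are constructed here so the script runs offline.

```python
import os
import re
import tempfile
from typing import List, Tuple

# Assumption (not stated in the article): the documented Windows 95 system
# policy that turns password caching off lives under this key/value.
POLICY_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Network"
POLICY_VALUE = "DisablePwdCaching"


def find_cached_password_files(windows_dir: str) -> List[Tuple[str, str, int]]:
    """Return (username, path, size) for every .PWL file in windows_dir.

    The article states the cache is C:\\WINDOWS\\<USERNAME>.PWL, so the file
    stem is reported as the user name. The match is case-insensitive because
    8.3 names are normally upper-case on disk.
    """
    found = []
    with os.scandir(windows_dir) as entries:
        for entry in entries:
            if entry.is_file() and entry.name.lower().endswith(".pwl"):
                username = os.path.splitext(entry.name)[0]
                found.append((username, entry.path, entry.stat().st_size))
    return sorted(found)


def password_caching_disabled(reg_export: str) -> bool:
    """Parse a REGEDIT4-style text export and report whether the
    DisablePwdCaching DWORD under the network policy key is set to 1."""
    value_re = re.compile(
        r'^"' + re.escape(POLICY_VALUE) + r'"=dword:([0-9a-fA-F]{8})\s*$',
        re.IGNORECASE,
    )
    in_policy_key = False
    for raw in reg_export.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            # A new [key] line starts a section; track whether it is ours.
            in_policy_key = line[1:-1].lower() == POLICY_KEY.lower()
            continue
        if in_policy_key:
            m = value_re.match(line)
            if m:
                return int(m.group(1), 16) == 1
    return False  # value absent: Windows defaults to caching enabled


def audit(windows_dir: str, reg_export: str) -> dict:
    """Combine both checks. A machine is flagged as exposed if any .PWL file
    exists (files persist after caching is disabled) or if caching is still
    enabled. Note the article's caveat: this does not cover passwords that
    remain in memory for automatic reconnect."""
    files = find_cached_password_files(windows_dir)
    disabled = password_caching_disabled(reg_export)
    return {
        "cached_password_files": files,
        "caching_disabled": disabled,
        "exposed": bool(files) or not disabled,
    }


# Constructed sample data so the audit can be exercised without a real
# Windows 95 installation.
SAMPLE_REG_EXPORT_DISABLED = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Network]
"DisablePwdCaching"=dword:00000001
"""

SAMPLE_REG_EXPORT_DEFAULT = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Network]
"DisablePwdCaching"=dword:00000000
"""


def build_sample_windows_dir() -> str:
    """Create a throwaway directory holding two dummy .PWL files (zero-filled,
    not real caches) plus an unrelated file that must be ignored."""
    d = tempfile.mkdtemp(prefix="win95_")
    for name, size in (("ALICE.PWL", 688), ("BOB.PWL", 512)):
        with open(os.path.join(d, name), "wb") as f:
            f.write(b"\0" * size)
    with open(os.path.join(d, "WIN.INI"), "w") as f:
        f.write("[windows]\n")
    return d


if __name__ == "__main__":
    sample_dir = build_sample_windows_dir()
    for username, path, size in find_cached_password_files(sample_dir):
        print(f"cached password file for {username}: {path} ({size} bytes)")
    print(audit(sample_dir, SAMPLE_REG_EXPORT_DISABLED))
```

On a real machine you would point `find_cached_password_files` at the actual Windows directory and feed `password_caching_disabled` the output of a REGEDIT export of the policy key; any .PWL file listed should be removed once caching is off, since disabling the feature does not delete caches already written.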

A person less kindly than Peter could easily write a malicious trojan horse or virus, perhaps distributed by any one or more of the means suggested on this page, that could email network passwords through a secure, untraceable chain of remailers to a throwaway trial AOL or CompuServe account. Frank (above) has some "good" ideas that he has decided would be irresponsible to implement. By playing coverup, Microsoft is flirting with real disaster for itself and its customers.