Vulnerability Note VU#36764
Syskey reuses keystream
Versions of SYSKEY in use prior to December, 1999 leave the SAM database vulnerable to cryptanalytic attacks.
SYSKEY is a utility introduced in Microsoft Windows NT 4.0 service pack 3 to provide strong cryptographic protection to the SAM (password) database. The protection SYSKEY provides is intended to prevent attacks against the SAM database even if an intruder can obtain a copy of the database. Although the passwords stored in the SAM database are encrypted, if an intruder can obtain a copy of the SAM database, he can attempt a dictionary attack to obtain the passwords. That is, an intruder can select words from a dictionary, encrypt (or hash) them in the same way the SAM database would, and compare the results to the encrypted values stored in the SAM. If the values match, the intruder has discovered the password. Thwarting a dictionary attack is one of the reasons that you should choose a password that is not listed in any dictionary of any language.
This vulnerability was discovered by BindView's RAZOR team and addressed by Microsoft in December, 1999.
Attackers can conduct dictionary attacks against the SAM database if they can obtain a copy of it.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Microsoft||Affected||-||15 Nov 2001|
CVSS Metrics (Learn More)
Our thanks to BindView's RAZOR team and Microsoft for the information in their advisories.
This document was written by Shawn V Hernan.
- CVE IDs: CVE-1999-0994
- Date Public: 16 Dec 99
- Date First Published: 15 Nov 2001
- Date Last Updated: 15 Nov 2001
- Severity Metric: 3.00
- Document Revision: 5
If you have feedback, comments, or additional information about this vulnerability, please send us email.