DOCUMENT:Q230681
TITLE   :RAS Credentials Cached When "Save Password" Option Cleared
PRODUCT :Windows NT
PROD/VER:4.0
OPER/SYS:WINDOWS NT
KEYWORD :kbbug4.00 kbfix4.00 

-------------------------------------------------------------------------------
The information in this article applies to:

 - Microsoft Windows NT Workstation versions 4.0, 4.0 SP1, 4.0 SP2, 4.0 SP3, 4.0 SP4 
 - Microsoft Windows NT Server versions 4.0, 4.0 SP1, 4.0 SP2, 4.0 SP3, 4.0 SP4 
 - Microsoft Windows NT Server, Enterprise Edition versions 4.0, 4.0 SP4 
-------------------------------------------------------------------------------

SYMPTOMS
========

When you clear the Save password check box on the logon credentials screen of a
computer that uses the Microsoft Dial-Up Networking client software to connect
to a Microsoft Remote Access Server (RAS) server, the user ID, password, and
domain names are still cached in the server's registry.

RESOLUTION
==========

A supported fix that corrects this problem is now available from Microsoft, but
has not been fully regression tested and should be applied only to systems
determined to be at risk of attack. Please evaluate your system's physical
accessibility, network and Internet connectivity, and other factors to determine
the degree of risk to your system. If your system is sufficiently at risk,
Microsoft recommends you apply this fix. Otherwise, wait for the next Windows NT
4.0 service pack that contains this fix.

To resolve this problem immediately, contact Microsoft Product Support Services
to obtain the fix. For a complete list of Microsoft Product Support Services
phone numbers and information on support costs, please go to the following
address on the World Wide Web:

   http://support.microsoft.com/support/supportnet/default.asp

The English version of this fix should have the following file attributes or
later:

   Date      Time      Size      File name      Platform
   -----------------------------------------------------
   05/06/99  04:38p    127,248   Rasapi32.dll   (x86)
   04/28/99  05:58p    346,896   Rasdlg.dll     (x86)

   05/06/99  04:37p    198,416   Rasapi32.dll   (Alpha)
   04/28/99  05:46p    510,224   Rasdlg.dll     (Alpha)

This hotfix has been posted to the following Internet location as Pwdfixi.exe
(x86) and Pwdfixa.exe (Alpha):

   ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/
   Hotfixes-PostSP5/RASPassword-fix/

NOTE: If this product was already installed on your computer when you purchased
it from the Original Equipment Manufacturer (OEM) and you need this fix, please
call the Pay Per Incident number listed on the above Web site. If you contact
Microsoft to obtain this fix, and if it is determined that you only require the
fix you requested, no fee will be charged. However, if you request additional
technical support, and if your no-charge technical support period has expired,
or if you are not eligible for standard no-charge technical support, you may be
charged a non-refundable fee.

For more information about eligibility for no-charge technical support, see the
following article in the Microsoft Knowledge Base:

   Q154871 Determining If You Are Eligible for No-Charge Technical Support

STATUS
======

Microsoft has confirmed this problem could result in some degree of security
vulnerability in Windows NT 4.0.

MORE INFORMATION
================

For information on this problem in the Microsoft Routing and Remote Access
Server (RRAS) client, please see the following article in the Microsoft
Knowledge Base:

   Q233303 RRAS Credentials Cached when "Save Password" Option Cleared

Cached security credentials, including passwords, are stored in the registry and
protected by an access control list (ACL). RAS uses Local Security Authority
(LSA) Secrets to store the entries. The default ACL values only allow
administrators and the user associated with the credentials to gain access to
these registry entries.

Additional encryption for LSA Secrets is available to provide protection for this
information when stored on backup tapes, the Emergency Repair Disk, or other
registry backups using the System Key option. For information on System Key
(Syskey.exe) functionality, please refer to the following article in the
Microsoft Knowledge Base:

   Q143475 Windows NT System Key Permits Strong Encryption of the SAM

For additional security-related information about Microsoft products, please
visit the following Microsoft Web site:

   http://www.microsoft.com/security/

Additional query words: 
============================================================================

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND.  MICROSOFT DISCLAIMS
ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  IN NO
EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR
ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL,
CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF
MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.  SOME STATES DO NOT ALLOW THE EXCLUSION
OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES
SO THE FOREGOING LIMITATION MAY NOT APPLY.