Nintendo-Power

Daily Gaming news, videos, reviews, tips & guides. Let's share our love of BigN games!

Record data can be read in plain text

Record data can be read in plain text

Security researcher Benjamin Delphi found a way to read encrypted login data of users on the same terminal server via Microsoft’s new cloud PC.

The new Microsoft offer Windows 365 offers a paid cloud PC operated by a remote desktop or web browser – i.e. running on a terminal server.

Cloud PC is a location on a terminal server that can be accessed via the Internet

Cloud PC is an interesting offer, for example, for people who want to be ready to work anywhere. For example, Cloud PC can be used via a tablet at home or a low-powered laptop and desktop in the office. All parameters of processing status, application environment and work environment are the same on all end devices.

In early August, Microsoft actually introduced a free two-month trial phase, which must be repaid in a few hours. Curiosity clearly exceeded Microsoft’s expectations. One of the relatively lucky ones was Benjamin Delphi who got it before the test offer went away.

Mimikatz asks for help with encryption please

Delphi is the developer of Mimicots, an open source cyber security program. Mimicods tests computers for vulnerabilities in dealing with user security. According to his GitHub page, Mimicots can extract passwords, hashes, pin codes and Gerberos tickets from memory in plain text and “maybe even make coffee”. The tool integrates passwords and then uses this access data to move it sideways over the network. In the background there is the hope of meeting a network participant in which the captured access data has more privileges – simply the domain controller.

Almost done!

Click the link in the confirmation email to complete your registration.

Want more information about the newsletter?
Find out more now

Delphi released this Mimicods tool on Cloud PC. To do this, he relied on a vulnerability he discovered in May 2021, which enables him to call the login data of users who logged into a terminal server in plain text. Even if a user’s login data is encrypted in memory on a terminal server, it is possible to ask the terminal service process to encrypt the login data in a friendly manner through mimicads. It took a little trick to do this, but in the end the process provided the service it needed, Delphi said Sleeping computer.

It’s a threatening scene

A threatening scenario arises with this approach only in a specific situation. That is, when an authorized cloud PC user does not use Mimicodes. To do this, he must first gain administrator access without being noticed. However, it can be quite imaginative using the usual methods of malicious cast, for example via manipulation websites that can install phishing emails or Trojans.

“It’s like reading passwords from a normal session. If I can spy on your password in terminal server sessions, I can use it on other systems that have more rights, data, and more,” Delphi explained. .

You can generally protect yourself by using two-factor authentication (2FA), smart cards, Windows Hello or Windows Defender Remote Credential Card. However, not all of these security features are currently available in Windows 365. It can now be assumed that Microsoft will not take much time to implement.

You may also be interested in it

See also  What to do if the Tesla Model S runs on battery