0

What's the security risk of storing a password in the registry in plain text? How can you get at it unless you already have admin access, in which case it's a moot point?

(I'm only asking because I'm trying to figure out a workaround for a problem I'm having installing the pgAgent service. The docs say:

DO NOT be tempted to include a password in the pgAgent connection string[: ...] on Windows systems it will be stored in the registry in plain text.

...and the problem I'm having is with the alternative they provide.)

Kev

2 Answers

2

the issues are

a: not all environments have locked down the registry to admins only

b: storing passwords in plaintext is never a good idea

c: usually service accounts get other rights aside from log on as a service and storing the password in plaintext means that if I have local admin, I can get that account to use for essentially untraceable privilege escalation.

and that's before I've had my coffee

Jim B
  • b) and c) I think are moot in context--the pgpass.conf file stores them in plain text and that's the alternative. The idea is that you lock down access to the file. But I'm very interested in the specifics of a)--how do you get to the registry without already having access to the disks? And how would you lock this down? – Kev Mar 04 '10 at 14:12
  • +1 "storing passwords in plaintext is never a good idea". I'll add, storing passwords is never a good idea, store hashes of passwords :) – chmeee Mar 04 '10 at 14:13
  • If you don't store them somewhere, how do your services connect? AFAIK PostgreSQL doesn't support Windows User Authentication like MSSQL does. – Kev Mar 04 '10 at 14:15
  • Don't just need local admin...it's technically possible to bypass the privileges altogether with a boot disk and dumping the registry to a file for cracking later. – Bart Silverstrim Mar 04 '10 at 14:42
1

Here are a couple of scenarios (I've only had 1/2 a cup of coffee):

  • The registry is accessible over the network. Depending on where the reg key is stored and how the security on the registry has been tweaked (which is somewhat atypical, but not unheard of) a non-local-admin can connect over the network and read HKLM and HKCU.
  • The registry is stored in files under %systemroot%\system32\config. Those files could be copied and opened elsewhere.
  • A malicious piece of code could get executed in the security context of a user with admin privileges and send out whatever it wants to just about anywhere on God's green Earth.

Plain text passwords = all around bad idea. There is always a way to get to them.

squillman
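One way to check point a) and the network-access scenario from the answers above, as an added example that is not part of the original thread: list every principal other than SYSTEM and Administrators that is allowed to read a given registry key, then apply the same check to the winreg key, whose ACL governs who may open the registry remotely. The path in `$SecretKey` is a placeholder and `Get-UnexpectedReader` is a hypothetical helper name; the thread does not say which key holds the connection string.

```powershell
# Added example (not from the thread). $SecretKey is a placeholder: set it to
# the key that actually holds the connection string on your system.
$SecretKey = 'HKLM:\SOFTWARE\ExampleVendor\ExampleService'   # hypothetical path
# Real key: its ACL controls who may open the registry over the network.
$WinregKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg'

# Well-known SIDs expected to have read access.
$Expected = @('S-1-5-18',      # NT AUTHORITY\SYSTEM
              'S-1-5-32-544')  # BUILTIN\Administrators

function Get-UnexpectedReader {
    param([Parameter(Mandatory)][string]$Path)
    $rights = [System.Security.AccessControl.RegistryRights]
    $flags  = [System.Security.AccessControl.PropagationFlags]
    # Only Allow entries are listed; an explicit Deny could narrow the result.
    foreach ($rule in (Get-Acl -Path $Path).Access) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        # Inherit-only entries apply to subkeys, not to this key.
        if ($rule.PropagationFlags -band $flags::InheritOnly) { continue }
        # QueryValues is the right needed to read value data.
        if (-not ($rule.RegistryRights -band $rights::QueryValues)) { continue }
        try {
            $sid = $rule.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch {
            $sid = $rule.IdentityReference.Value   # account could not be resolved
        }
        if ($Expected -notcontains $sid) {
            [pscustomobject]@{
                Key       = $Path
                Identity  = $rule.IdentityReference.Value
                Rights    = $rule.RegistryRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

# Local exposure: who besides SYSTEM and Administrators can read the secret's key?
Get-UnexpectedReader -Path $SecretKey

# Network exposure: is the Remote Registry service running, and who may connect?
Get-Service -Name RemoteRegistry -ErrorAction SilentlyContinue |
    Select-Object Name, Status, StartType
if (Test-Path $WinregKey) { Get-UnexpectedReader -Path $WinregKey }
```

An empty result for the first call means only SYSTEM and Administrators hold an explicit read grant on that key; it says nothing about offline copies of the hive files, which bypass ACLs entirely.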