Jul 21 2021

Windows “HiveNightmare” bug could leak passwords – here’s what to do!

Category: Password Security,Windows SecurityDISC @ 1:24 pm

Windows “hives” contain registry data, some of it secret. The nightmare is that these files aren’t properly protected against snooping.

As if one Windows Nightmare dogging all our printers were not enough…

…here’s another bug, disclosed by Microsoft on 2021-07-20, that could expose critical secrets from the Windows registry.

Denoted CVE-2021-36934, this one has variously been nicknamed HiveNightmare and SeriousSAM.

The moniker HiveNightmare comes from the fact that Windows stores its registry data in a small number of proprietary database files, known in Microsoft jargon as hives or hive files.

These hive files include a trio called SAMSECURITY and SYSTEM, which between them include secret data including passwords and security tokens that regular users aren’t supposed to be able to access.

They’re kept in a special, and supposedly secure, folder under the Windows directory called C:\Windows\System32\config, as you see here:

C:\Windows\System32\config> dir
[. . .]
Directory of C:\Windows\System32\config
[. . .]
21/07/2021  12:57           524,288 BBI
25/06/2021  06:21            28,672 BCD-Template
21/07/2021  14:45        32,768,000 COMPONENTS
21/07/2021  12:57           786,432 DEFAULT
21/07/2021  12:32         4,194,304 DRIVERS
[. . .]
21/07/2021  12:57            65,536 SAM       <--some system secrets included
21/07/2021  12:57            32,768 SECURITY  <--some system secrets included
21/07/2021  12:57        87,556,096 SOFTWARE
21/07/2021  12:57        11,272,192 SYSTEM    <--some system secrets included
[. . .]

The moniker SeriousSAM comes from the filename SAM, which is short for Security Account Manager, a name that sounds as serious as the file’s content’s are.




Tags: HiveNightmare