BitLocker encryption can be defeated with trivial Windows authentication bypass

Discussion in 'Network World' started by RSS, Nov 13, 2015.

  1. RSS

    Companies relying on Microsoft BitLocker to encrypt the drives of their employees' computers should install the latest Windows patches immediately. A researcher disclosed a trivial Windows authentication bypass, fixed earlier this week, that puts data on BitLocker-encrypted drives at risk.

    Ian Haken, a researcher with software security testing firm Synopsys, demonstrated the attack Friday at the Black Hat Europe security conference in Amsterdam. The issue affects Windows computers that are part of a domain, a common configuration on enterprise networks.

    When domain-based authentication is used on Windows, the user's password is checked against a computer that serves as domain controller. However, in situations when, for example, a laptop is taken outside of the network and the domain controller cannot be reached, authentication relies on a local credentials cache on the machine.
