Phrozen Proof Of Concept - Papers

Weakness Description

Microsoft Windows suffer from a serious lack of protection in their authentication mechanism which could led in privilege escalation.

Indeed, in default installation of Windows (all version), the account lockdown policy is disabled plus authentication API's doesn't limit number of attempts per seconds which could led to a medium to fast brute-force attacks.

Using our PoC and depending of the number of cores available in the target system you could test from few thousands to dozen of thousands of password per second.

Considering that those kind of authentication API's could be used by any Windows account, even a Guest user could use the PoC to recover / crack the password of any local user and escalate his privilege.

Read more...