Password cracking tool instantly reveals cached passwords stored in popular applications
Subscribe to SecurityWeek by RSS
A Russian software company today released a password cracking tool that instantly reveals cached passwords to Web sites in Microsoft Internet Explorer, mailbox and identity passwords in all versions of Microsoft Outlook Express, Outlook, Windows Mail and Windows Live Mail.
Moscow based ElcomSoft, developer of the new password recovery tool, “Elcomsoft Internet Password Breaker,” says the product designed as tool to provide forensics, criminal investigators, security officers and government authorities with the ability to retrieve a variety of passwords stored on a PC.
With a price tag of just $49, it doesn’t seem as though investigators and government authorities are the real target market. These types of programs are by no means new, but this latest commercial software offering shows just how easily it is to gain access to such tools, even for non-technical users.
The password breaker gives users the ability to instantly retrieve the login and password information to a variety of resources such as those routinely cached by Web browsers. The tool can quickly recover cached logins and passwords to Web sites, including pre-filled forms and auto-complete information stored in the Internet Explorer cache. In addition, the tool makes it possible to instantly replace or reset IE Content Advisor passwords.
New features in Internet Explorer 7 and 8 include enhanced security for storing cached password information. The browsers encrypt the information with the URL of a Web site, making it impossible to access stored information without knowing the exact Web address of a resource. Elcomsoft Internet Password Breaker claims to work around this new security model by analyzing cached URL history and identifying Web sites last visited in order to retrieve login and password information stored for those Web sites.
The password cracking tool reveals passwords protecting access to email accounts, identities and Microsoft Outlook PST files. Supporting all versions of Microsoft Outlook, Outlook Express, Windows Mail and Windows Live Mail, Elcomsoft Internet Password Breaker can retrieve the original plain-text passwords protecting access to mail accounts, POP3, IMAP, SMTP and NNTP news passwords. In addition, Elcomsoft Internet Password Breaker reveals Microsoft Passport passwords stored by Windows Live Mail, user identity passwords, and passwords protecting PST files created by Microsoft Outlook up to version 2010.
Elcomsoft Internet Password Breaker automatically identifies all supported products and user identities, locates all available accounts and PST files, and reveals stored password information.
With tools like these available to the masses, individuals and enterprises need to further consider full disk encryption solutions and additional security measures.
Subscribe to SecurityWeek by RSS
Related Reading: New Tool Speeds Password Cracking with Distributed Password Recovery
Related Reading: The Three Providers Who Decide Whether You Will be Hacked
Related Reading: Botnets – A Cybercriminal’s Best Friend
Subscribe to SecurityWeek by RSS
