
Windows “HiveNightmare” bug could leak passwords – here’s what to do!
2021-07-21 18:58

Tracked as CVE-2021-36934, this bug has variously been nicknamed HiveNightmare and SeriousSAM. The moniker HiveNightmare comes from the fact that Windows stores its registry data in a small number of proprietary database files, known in Microsoft jargon as hives or hive files.

These hive files include a trio called SAM, SECURITY and SYSTEM, which between them hold secrets such as password hashes and other security-critical data that regular users aren't supposed to be able to read.

Normally you need Administrator access already in order to get at the SAM data in memory, and you can't read the SAM registry hive on disk while Windows is running even if you are an Administrator, because the SAM file is locked for the exclusive use of the operating system. The bug is that the on-disk hive files carry an over-permissive ACL, so the exclusive lock is the only thing standing between an ordinary user and the file contents.

We wrote a tiny C program that you can use to get an "accessibility indicator" for any file on the system. It simply tries to open the filename or filenames you put on the command line and reports the Windows error code if the file couldn't be opened for read access. The code you get back tells you which barrier stopped you: an access-denied error means the ACL did its job, whereas a sharing-violation error means the ACL let you through and only the runtime lock saved you.

Microsoft's suggested workaround restores ACL inheritance on the files in the config directory with icacls. The command and its output look like this (output abridged):

icacls %windir%\system32\config\*.* /inheritance:e
processed file: C:\Windows\system32\config\BBI
processed file: C:\Windows\system32\config\SAM
processed file: C:\Windows\system32\config\SECURITY
processed file: C:\Windows\system32\config\SYSTEM
Successfully processed 45 files; Failed processing 0 files.

If you have any system restore points on your computer, those restore points include copies of your original SAM, SECURITY and SYSTEM registry hive files with the old, over-permissive access control settings. Fixing the ACLs on the live files therefore closes only half the hole: a copy of the hives inside a shadow copy is not locked by the operating system, so its stale ACL is all that protects it.
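The following PowerShell script is an added example, not the article's C program and not Microsoft's tooling. It reproduces the "accessibility indicator" described above (open each hive for read and report the Win32 error code), checks whether BUILTIN\Users holds a read ACE on the file, lists existing shadow copies when run elevated, and applies Microsoft's icacls workaround when run elevated with -Fix. It assumes Windows PowerShell 5.1 or later and the standard hive locations under $env:windir\system32\config; the function names and the -Fix switch are this example's own.

```powershell
<#
  Added example for checking and mitigating CVE-2021-36934.
  Not the article's C program; not Microsoft's tooling.
  Assumes Windows PowerShell 5.1+ and hives under $env:windir\system32\config.
  Run first as an ordinary user to get the accessibility indicator,
  then elevated (optionally with -Fix) to list shadow copies and repair ACLs.
#>
param([switch]$Fix)

$ConfigDir = Join-Path $env:windir 'system32\config'
$Hives     = 'SAM', 'SECURITY', 'SYSTEM' | ForEach-Object { Join-Path $ConfigDir $_ }

# Mirrors the article's tiny C program: try to open a file for read and report
# the Win32 error code. 5 = ERROR_ACCESS_DENIED (the ACL stopped you),
# 32 = ERROR_SHARING_VIOLATION (the ACL let you in; only the OS's exclusive
# lock stopped you, which is exactly the barrier a shadow copy does not have).
function Test-HiveReadable {
    param([Parameter(Mandatory)][string]$Path)
    try {
        $fs = [System.IO.File]::Open($Path, 'Open', 'Read', 'ReadWrite')
        $fs.Dispose()
        $code = 0
    } catch {
        $ex = $_.Exception
        if ($ex.InnerException) { $ex = $ex.InnerException }
        # For Win32-derived exceptions the low 16 bits of HResult hold the Win32 code
        $code = $ex.HResult -band 0xFFFF
    }
    $verdict = switch ($code) {
        0       { 'READABLE: the hive can be read outright' }
        5       { 'OK: ACL denies read access' }
        32      { 'VULNERABLE: ACL permits read, only the runtime lock blocks it' }
        default { "error $code, inspect manually" }
    }
    [pscustomobject]@{ Path = $Path; Win32Error = $code; Verdict = $verdict }
}

# Does BUILTIN\Users hold an Allow entry with ReadData on the file?
# That is the over-permissive ACE the CVE description refers to.
# Reading the security descriptor needs READ_CONTROL only, so it works on locked files.
function Get-UsersReadAce {
    param([Parameter(Mandatory)][string]$Path)
    try { $acl = Get-Acl -LiteralPath $Path } catch { return $null }
    $read = [System.Security.AccessControl.FileSystemRights]::ReadData
    $acl.Access | Where-Object {
        $_.IdentityReference.Value -eq 'BUILTIN\Users' -and
        $_.AccessControlType -eq 'Allow' -and
        ($_.FileSystemRights -band $read) -eq $read
    }
}

$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

foreach ($hive in $Hives) {
    Test-HiveReadable -Path $hive | Format-List
    if (Get-UsersReadAce -Path $hive) {
        Write-Warning "$hive grants BUILTIN\Users read access"
    }
}

if ($isAdmin) {
    # Copies of the hives inside restore points / shadow copies keep the old ACLs,
    # so repairing the live files alone does not close the hole. List them here.
    Write-Host "`nExisting shadow copies (hive copies inside them keep the old ACLs):"
    vssadmin list shadows
    if ($Fix) {
        # Microsoft's published workaround: restore ACL inheritance on the config files.
        icacls "$ConfigDir\*.*" /inheritance:e
    }
} else {
    Write-Host 'Re-run elevated to list shadow copies or apply -Fix.'
}
```

Run it unelevated first: an error code of 32 on SAM, SECURITY or SYSTEM is the tell-tale sign, because a correctly protected hive returns 5 before the lock is ever consulted. After applying -Fix, re-run unelevated and confirm the code changes to 5; then deal with any shadow copies the elevated run listed, since the hive copies inside them still carry the old ACL.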


News URL

https://nakedsecurity.sophos.com/2021/07/21/windows-hivenightmare-bug-could-leak-passwords-heres-what-to-do/

Related Vulnerability

DATE        CVE             VULNERABILITY TITLE                               RISK
2021-07-22  CVE-2021-36934  Unspecified vulnerability in Microsoft products   0.0

An elevation of privilege vulnerability exists because of overly permissive Access Control Lists (ACLs) on multiple system files, including the Security Accounts Manager (SAM) database.