
Windows NT Local Security Authority
The scanner has detected that the registry key that governs alternate security
providers either has improper permissions, has been altered, or the password
processing library it refers to does not exist.
If a user has the right to change this key, that user can install a DLL which
records every password change in clear text, or even transmits it off
site. If an alternate provider has been installed intentionally,
this test could yield a false positive. Examine the contents of the
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
value to ensure it has not been tampered with, and set the permissions on this
key to allow it to be written only by the system and administrators.
Microsoft mistakenly shipped Windows NT 4.0 with the
Risk: Very high
OS Vulnerable: Windows NT
Fix: Set the permissions properly. If an unauthorized security provider has been
installed, all accounts on this machine should be considered compromised. If
FPNWCLNT.DLL is not being used, remove the FPNWCLNT string from the
Notification Packages value.
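
A read-only PowerShell check of the conditions described above, added here as an example; it is not part of the scanner or of the original advisory. It assumes that Notification Packages entries name DLLs in %SystemRoot%\System32 without the .dll extension, and that only SYSTEM and BUILTIN\Administrators should hold write access (adjust the allow-list to local policy).

```powershell
# Added example: read-only audit of the LSA key described in the advisory.
$lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

# Assumed allow-list of principals that may write to the key (well-known SIDs).
$allowedSids = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544'   # BUILTIN\Administrators
)

# Rights that let a principal change the value or the key's ACL.
# WriteKey is not used because it also contains ReadPermissions.
$rr = [System.Security.AccessControl.RegistryRights]
$writeMask = [int]$rr::SetValue -bor [int]$rr::CreateSubKey -bor [int]$rr::Delete
$writeMask = $writeMask -bor [int]$rr::ChangePermissions -bor [int]$rr::TakeOwnership
$inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly

# 1. Permissions: report any Allow ACE that applies to the key itself and
#    grants a write-capable right to a principal outside the allow-list.
$acl = Get-Acl -Path $lsaKey
$rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
foreach ($ace in $rules) {
    $writes = ([int]$ace.RegistryRights -band $writeMask) -ne 0
    $onKey  = ([int]$ace.PropagationFlags -band $inheritOnly) -eq 0
    $sid    = $ace.IdentityReference.Value
    if ($ace.AccessControlType -eq 'Allow' -and $writes -and $onKey -and
        $allowedSids -notcontains $sid) {
        [pscustomobject]@{ Finding = 'UnexpectedWriteAccess'
                           Detail  = "$sid : $($ace.RegistryRights)" }
    }
}

# 2. Notification Packages (REG_MULTI_SZ): list every registered package and
#    flag entries whose DLL does not exist in System32.
$prop = Get-ItemProperty -Path $lsaKey -Name 'Notification Packages' -ErrorAction SilentlyContinue
$packages = @($prop.'Notification Packages') | Where-Object { $_ }
foreach ($name in $packages) {
    $file = if ($name -like '*.dll') { $name } else { "$name.dll" }
    $path = Join-Path $env:SystemRoot "System32\$file"
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        # Present on disk: still confirm it is an intentionally installed provider.
        [pscustomobject]@{ Finding = 'PackageToReview'; Detail = $path }
    } else {
        [pscustomobject]@{ Finding = 'MissingPackageDll'; Detail = $path }
    }
}
```

Run it from a 64-bit PowerShell session so that the System32 path is not redirected to SysWOW64.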