Microsoft Network Client Password Cache contents.gifindex.gif

Microsoft Network Client Password Cache

Windows 95, Windows for Workgroups, and DOS network clients cache passwords in files with the extension .PWL on the hard drive. These password cache files are weakly encrypted and easily broken, and should not be accessible on a shared file system. In updated or patched versions of Windows 95, the encryption is stronger. The scan engine searches for .PWL files if a share can be opened.

Risk: Medium

OS Vulnerable: Windows 95, Windows for Workgroups, and MS Client for DOS.

Fix: Turn off file sharing on the host if it is not needed or restrict sharing to the parts of the drive that must be shared. In addition, install the latest service pack fixes from Microsoft, or consider setting up the client to log in to the domain so that no PWL files are created. Upgrading to Windows NT also removes this problem.