Password file

In Unix environments, the /etc/passwd file traditionally contains user information and the corresponding encrypted passwords. A password fileÆs permissions are read-only for all users except the password command. Current Unix systems should minimize the chances of an attacker obtaining passwords by storing passwords in a Trusted Computing Base (TCB) or a shadow password file.

Windows 95 systems use a .pwl password list file to store network and dial-in passwords. The contents of the password list file are weakly encrypted, and could provide password information when cracked.

Microsoft Knowledge Base article Q140557 ôMicrosoft Windows 95 Password List Security Issueö at http://support.microsoft.com/support/kb/articles/q140/5/57.asp recommends that you either upgrade using the Mspwlupd.exe enhanced security patch or disable password caching for maximum security.

The Mspwlupd.exe patch is described in Microsoft Knowledge Base article Q132807 ôEnhanced Encryption for Windows 95 Password Cacheö at http://support.microsoft.com/support/kb/articles/Q132/8/07.asp. The patch itself is available at http://support.microsoft.com/download/support/mslfiles/Mspwlupd.exe (326304 bytes).