password reset – Page 2 – WindowsTechs.com

When resetting password after forgetting it, why is there a need to notify "Password cannot be your previous password"?

Posted on February 28, 2023 by Marasmius

This is from the perspective of someone who had supposedly forgotten their password. We’re doing this project wherein we "secure" an application that was given to us. We added this "forget password" feature that allows … Continue reading When resetting password after forgetting it, why is there a need to notify "Password cannot be your previous password"?→

How to generate actually valid NTLM hash for chntpw (for SAM hive file injection)

Posted on January 10, 2023 by HeartOfGermany

I am currently working on a solution to at least try to implement a working/modern "change password" option to chntpw.
First of all: Windows uses this format in its hive file:
root@rescue /mnt/Windows/System32/config # samdump2 S… Continue reading How to generate actually valid NTLM hash for chntpw (for SAM hive file injection)→

brute forcing a pseudoRandom number Generator

Posted on December 15, 2022 by hanan

was trying to brute force a random number generated by the ruby method rand which generated a random float number between 0.0 and 1.0 excluding 1.0.
so for example I have this code:
Time.now.to_s.split(//).sort_by {rand}.join

this produce… Continue reading brute forcing a pseudoRandom number Generator→

exploiting the scenario and how to generate a secure reset password token

Posted on December 14, 2022 by hanan

I am using the following line of code to create a reset password code sent to the user in her/his email. when scanned with brakeman to my ruby code, this line of code is catched and describes it as it is vulnerable.
this is the line of cod… Continue reading exploiting the scenario and how to generate a secure reset password token→

Pre-Hijacking Mitigation

Posted on October 24, 2022 by ihsan çiftci

I want to create a website with password login and social login (e.g. Google only.)
For password login, first I will send a verification email.
I want to prevent pre-hijacking.
For those who do not know pre-hijacking: https://msrc-blog.mic… Continue reading Pre-Hijacking Mitigation→

Password reset encryption mechanism based on username [duplicate]

Posted on September 18, 2022 by Dang Max

Short
I known
0x02135 gets encrypted to -> NzY4MzY5
0x02136 gets encrypted to -> NzcxMzc0
…etc

I want to know
0x02137 will get encrypted to -> ??? (in same enc. pattern)

Brief
I was testing a … Continue reading Password reset encryption mechanism based on username [duplicate]→

Critical Samba bug could let anyone become Domain Admin – patch now!

Posted on July 27, 2022 by Paul Ducklin

It’s a serious bug… but there’s a fix for it, so you know exactly what to do! Continue reading Critical Samba bug could let anyone become Domain Admin – patch now!→

Reset forgotten subkey password using master key?

Posted on July 1, 2022 by Christian

Problem
For some reason I forgot the passphrase for my GnuPG signing subkey, but I have my master key stored in a separate device. Is there a way to regain access to my subkey? Or should I replace my old subkey with a new one hoping the ol… Continue reading Reset forgotten subkey password using master key?→

How to Reset a Windows 10 Password

Posted on June 1, 2022 by Michael Otey

Windows 10 offers many ways for you to reset a… Continue reading How to Reset a Windows 10 Password→

Password Recovery email – secure enough?

Posted on May 26, 2022 by JoSSte

I am currently implementing new auth schemes for a site, and decided to implement an "I forgot my password" email looking at this guide for inspiration.
My Flow
The flow I have designed is as follows (three phases):

Saving the e… Continue reading Password Recovery email – secure enough?→