Weak Password Encryption Exposed in Windows '95

[13 December 1995] The Automated Systems Security Incident Support Team (ASSIST) announced that Microsoft's implementation of a stream cipher encrypting algorithm for PWL files has produced an easily broken encryption. The report was prompted by the release on the Internet of software that could break this encryption. The .PWL files contain Windows 95 Resource passwords, including access information for remote hosts. Resources possibly affected by passwords in .PWL files include, but are not limited to, the following: In response, Microsoft has released an updated security component to upgrade the encryption used; see URL http://www.microsoft.com/windows/software/mspwlupd.htm for details.