Thick Client Security - Passwords In Registry

Abhi Gowda
Feb 3, 2021

When the thick client application is installed and signed up. the sensitive information like password will be stored in registry.

Use windows operating system “registry editor” tool to view registry entries. by using this tool we can search for keywords like username, passwords etc.. or we can navigate to particular registry path of installed thickclient application and look for sensitive information.

Remediation: Encrypt and store the passwords or store garbage value instead of passwords.

!! Happy Learning !!

--

--