Click here to Skip to main content
Click here to Skip to main content
Search within:



 
Comments & Discussions (17)

How to Detect Empty Password Users

By , 13 Aug 2007
 

Introduction

This article describes how to detect empty password users in the Windows NT environment using Visual C++ 6. This method may require the Platform SDK.

Requisite Knowledge

Readers should be familiar with the C++ language and Windows API. This article is so simple that you can understand it even if you are not a professional.

Empty Password Users: Why We Detect Them

Empty password users can destroy local computers because a WORM VIRUS is able to use such accounts to spread itself. When you turn your system on without a password, your system infects within a minute. For this reason, if you can detect empty passwords, you can advise the user to set a password. In the past I searched Google for how to deal with this, but I could not get anything about it. So, I decided to write my own program. This is some simple empty password detection code that runs on Windows NT; it does not support Windows 9x.

What is the Problem?

The first idea is using the LogonUser API. This API can log in a given user name and return a result. The first code example is:

HANDLE hToken = NULL;
BOOL bLoggedOn = ::LogonUser(pszUserName, pszPassword, NULL, 
    LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, &hToken);

if(bLoggedOn) 
{
    printf("Logged On!\n");
} 
else 
{
    printf("Failed\n");
}

However, the first code's problem is that the LogonUser API does not work with an empty password. We cannot call this function with a NULL password or "". In this situation, how can we detect an empty password? The answer is simple: just check the error code. In MSDN, LogonUser returns the error code via GetLastError. So, we can get LogonUser's error by using the GetLastError function. The following code describes how to get the error code of LogonUser.

HANDLE hToken = NULL; 
BOOL bLoggedOn = ::LogonUser(pszUserName, "", NULL, 
    LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, &hToken);
DWORD dwError = GetLastError();

dwError has the error code of LogonUser. LogonUser returns error code 1327 when a user has an empty password. I tested the following code from Windows XP on my own system and it works well.

HANDLE hToken = NULL; 
BOOL bLoggedOn = ::LogonUser(pszUserName, "", 
    NULL, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, 
&hToken);
DWORD dwError = GetLastError();

if(bLoggedOn || dwError == 1327)
{
    printf("Empty Password Logon User: %s\n", pszUserName);
}

History

  • 13 August, 2007 -- Original version posted

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

About the Author

 Yonghwi Kwon
Software Developer
United States United States
Member
I started to write software since 1999 and have developed various products including security solutions and system utilities.
 
Microsoft Visual C++ MVP (from 2008 to present)
Website: http://rodream.net

Article Top
 
Sign Up to vote   Poor Excellent
Add a reason or comment to your vote: x
Votes of 3 or less require a comment

Comments and Discussions

 
You must Sign In to use this message board.
Search this forum  
    Spacing  Noise  Layout  Per page   
First Prev Next
SuggestionSuggestion to use in C#memberfreedeveloper2 Jul '12 - 11:52 
Thanks for your Article.
 
It was very usefull to me. I converter it to C# easily, the only trick is that you dont need to call the GetLastError Function by declare it as external it is more easy:
 
var error = Marshal.GetLastWin32Error();
 
Thanks again
Sign In·View Thread·Permalink
GeneralDomain user gets locked outmemberDuggi18 Dec '07 - 22:01 
There is a great risk that an user gets lockedout when he/she belongs to a domain. So this soluction cannot be recommened
Sign In·View Thread·Permalink
GeneralRe: Domain user gets locked outmemberKwon Yong Hwi19 Dec '07 - 14:35 
thanks for the comment.
 
But, can you explain more detail the situation what you said?
 
Thanks in advance
Sign In·View Thread·Permalink
GeneralRe: Domain user gets locked outmemberjamalhaider18 Jun '08 - 19:52 
I second you for this. Can you please tell is their any other way to accomplish the same?
 
Thanks in advance.
Sign In·View Thread·Permalink
GeneralRe: Domain user gets locked outmemberDuggi22 Oct '08 - 0:44 
I'm still looking for a solution for this issue.
So i can't tell if their is any other way to accomplish the same. :(
Sign In·View Thread·Permalink
GeneralEach test will add two entries in eventviewermemberRalf Lohmueller5 Sep '07 - 19:32 
Hi all,
 
nice idea, but:
please be aware that using this method
each test will add two entries in eventviewer
(security events).
I don't know, if administrators like this.
 
btw:
Is it also a possible scenario, that if
an application uses this too often,
a user gets locked out?
(depending on the user/group-policy)
Did someone test this?
 
greetings,
ralf
Sign In·View Thread·Permalink
GeneralError 1327mvpDavidCrow21 Aug '07 - 3:32 
Check against ERROR_ACCOUNT_RESTRICTION instead. At a minimum, it makes the code more readable.
 

"A good athlete is the result of a good and worthy opponent." - David Crow

"To have a respect for ourselves guides our morals; to have deference for others governs our manners." - Laurence Sterne
Sign In·View Thread·Permalink
GeneralRe: Error 1327memberKwon Yong Hwi22 Aug '07 - 3:20 
Thanks for the advise Smile | :)
 
That was my mistake and I will fix it as soon as possible Smile | :)
 
Sign In·View Thread·Permalink
GeneralGreat tip!memberGrump20 Aug '07 - 23:01 
This is quite a useful tip and all credit to you for sharing it.
 
One suggestion, though, is to add an include reference to and change the error code check to be against ERROR_ACCOUNT_RESTRICTION (instead of 1327) to make it slightly less cryptic. The description in the MS docs for this error code is "Logon failure: user account restriction. Possible reasons are blank passwords not allowed, logon hour restrictions, or a policy restriction has been enforced.", which kind of points out that the error is caused by the password being blank.
 
Cheers,
Ralph
Sign In·View Thread·Permalink
GeneralRe: Great tip!memberKwon Yong Hwi22 Aug '07 - 3:19 
Thanks for the comment Smile | :)
 
I will update article with example program someday Smile | :)
 
Sign In·View Thread·Permalink
GeneralGood one!memberVasudevan Deepak Kumar16 Aug '07 - 1:59 
It is a good utility. Now helpdesk administrators can have a simpler utility to prepare a report of system vulnerabilities that they can audit, recommend and implement corrective actions.
 
Vasudevan Deepak Kumar
Personal Homepage
Tech Gossips
Sign In·View Thread·Permalink
GeneralRe: Good one!memberAnand Todkar16 Aug '07 - 5:01 
Small and sweet... nice work Smile | :)
 
Thanks,
Anand.
Sign In·View Thread·Permalink
General:confused: Wrong code is foundmemberj2doll13 Aug '07 - 19:23 
Your first psuedo code is below.
 
// ...
BOOL bLoggedOn = ::LogonUser(pszUserName, pszPassword, NULL,
// ...
 
in my opinion, pszPassword and NULL is changed.
Confused | :confused:
Sign In·View Thread·Permalink
GeneralRe: :confused: Wrong code is found [modified]memberKwon Yong Hwi13 Aug '07 - 20:03 
I tested this code and it works pretty well.
 
But, you can use "" or NULL, and it will take same result.
 
Thanks for comment. Smile | :)
 
-- modified at 4:01 Tuesday 14th August, 2007
Sign In·View Thread·Permalink
Generalnice one. I will try itmemberMichael Sync13 Aug '07 - 17:06 
nice one. very interesting...
 

How about Window Vista?? I'm using Windows Vista Home Primer version. So, Is it possible to detect the users who have empty password?

 
Thanks and Regards,
Michael Sync ( Blog: http://michaelsync.net)
 
If you want to thank me for my help, please vote my message by clicking one of numbers beside "Rate this message". Why vote? Plz Read it here. Thank you. Smile | :)

Sign In·View Thread·Permalink
GeneralRe: nice one. I will try itmemberKwon Yong Hwi13 Aug '07 - 22:21 
I tested it Windows Vista 32 and 64 bit, and it works well. Smile | :)
 
You can use this code in Windows Vista Smile | :)

Sign In·View Thread·Permalink
GeneralRe: nice one. I will try itmemberMichael Sync14 Aug '07 - 0:10 
oh. man. so cool.. I will test tonight. will let you know tomorrow..
 
Thanks and Regards,
Michael Sync ( Blog: http://michaelsync.net)
 
If you want to thank me for my help, please vote my message by clicking one of numbers beside "Rate this message". Why vote? Plz Read it here. Thank you. Smile | :)

Sign In·View Thread·Permalink
Last Visit: 31 Dec '99 - 18:00     Last Update: 18 May '13 - 20:26Refresh1

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

About Article
This article describes how to detect empty password users
Type Article
Licence CPOL
First Posted 13 Aug 2007
Views 41,502
Bookmarked 23 times
Top News

Math Primers for Programmers

Get the Insider News free each morning.
Related Videos
Detecting Element Properties pt. 2
Detecting Element Properties pt. 3
KeePass Password Safe
Zip and Unzip in the MFC way
Encrypting a dataset using AES, including compression
How-to safely keep a password field during postbacks and why it shouldn't be done
PasswordSpy - Retrieving lost passwords using Windows hooks
The Art & Science of Storing Passwords
Understanding SQL Injection and Creating SQL Injection Proof ASP.NET Applications
Creating a Basic Windows Service in C#
SWAT - A simple Web-based Anomalies Tracker - Part 3
How to Config Linked Servers in a Minute
ASP.NET authentication and authorization
ASP.NET - Password Strength Indicator using jQuery and XML
Ensuring Strong Passwords
Security: It’s Getting Worse
Custom Membership Providers
Beginners guide to a secure way of storing passwords
Installation of Drupal in Step by Step Manner
Secure Your .NET Applications and Integrate Them with Active Directory
Modifying Web.Config During Installation
User Authentication in Ruby on Rails
Permalink | Advertise | Privacy | Mobile
Web03 | 2.6.130516.1 | Last Updated 13 Aug 2007
Article Copyright 2007 by Yonghwi Kwon
Everything else Copyright © CodeProject, 1999-2013
Terms of Use
Layout: fixed | fluid