14 DAY TRIAL // Password recovery solutions have been around for a long time, but one particular application is capable of taking advantage of the way Windows works to be able to read data that’s otherwise encrypted.
LaZagne, developed by Alessandro Zanni, is a software application whose role was to extract passwords from Windows computers, and in the previous versions, it could do that without even asking for credentials for the administrator account. The only requirement was to run the software on the target computer with the user signed in.
And while LaZagne was a very effective solution when it came to extracting passwords, it did come with limitations, such as the physical access to the system that was absolutely required.
But a recent update powered by a component called LaZagneForensic (LZF) pushed things even further and allows the program to recover passwords either by extracting data from dump files from the target computer or by simply connecting the hard disk of the system to another machine. This pretty much eliminates the need for physical access to the system, though it goes without saying that in some way or another, a malicious actor still needs to get inside a computer should they want to steal passwords.
Supported software
And how exactly does LaZagne manage to extract the passwords? As TechRepublic notes, the program takes advantage of the way Windows works to access the sensitive information.
Basically, passwords are stored encrypted on a Windows machine, but once the user logs in, they are automatically decrypted, so that they can be used across the operating system. This is why LaZagne needs the user to be authenticated, as this way it can recover the passwords and then save them in plain text.
While it’s impossible to block attempts to extract passwords, the creator of the app says the only way users can remain secure is to avoid storing passwords using the default Windows method. This means a third-party password manager is the only way to go, even though that requires additional steps for each system.
Supported applications that LaZagne can recover passwords from includes Outlook, Thunderbird, browsers like Chrome, Firefox, IE, and opera, Pidgin, Filezilla FTP client, and Skype.