Home News Password Recovery News Proactive Password Auditor 1.5 (formerly Proactive Windows Security Explorer) has been released
Proactive Password Auditor 1.5 (formerly Proactive Windows Security Explorer) has been released PDF Print E-mail
Wednesday, 29 June 2005 16:00

ElcomSoft has released Proactive Password Auditor™

1.5, a password audit and security test tool that makes it easy for NT4/2000/XP/2003 systems administrators to identify and close security holes in their networks. By running Proactive Password Auditor regularly, managers can have peace of mind that the basic lock on their networks is secure.


Password hacking continues to be a serious network security threat. Too often, people use simple and easy-to-remember passwords such as common words, repeating characters, and names. Proactive Password Auditor™ helps secure networks by executing a comprehensive audit of account passwords, and exposing all insecure passwords. Chief Security Officers can locate individual security holes, and patch them immediately. They can also identify patterns and trends that weaken security, and develop the appropriate policies to improve network security. An administrator can use Proactive Password Auditor™ to recover any lost password, and access a user's Windows account.

The program audits passwords by analyzing user password hashes, and recovering plain-text passwords. If it is possible to recover the password within a reasonable time, the password is considered insecure. With support for both LM and the NTLM password authentication protocols, Proactive Password Auditor™ can audit and authenticate passwords very quickly, even on networks with thousands of user accounts.

In addition to Microsoft Active Directory Support, faster operation, better wordlist management, and automatic decryption of passwords for certain system accounts, there are three new powerful features:

·        Rainbow Attack. Because it can take days or weeks for a computer to generate all of the possible passwords for a particular system, ElcomSoft has introduced a new "rainbow attack" subsystem. You can run Proactive Password Auditor™ in the background to generate and use pre-computed hash tables that will allow you to find most passwords in minutes instead of days or weeks;

·        Preliminary Attack. Under this regimen, password hashes are retrieved, and the audit process starts automatically, using pre-configured options. First, the program checks obvious passwords (for example, the password is the same as the user name). Second, it retrieves and decrypts passwords from memory. Third, the program runs the dictionary attack; and

·        Simultaneous Auditing. Program can audit multiple servers and computers at once. By saving user names and passwords, future audits are performed with just a few clicks, and without having to re-enter setup information.

Proactive Password Auditor™ runs under Windows 98/Me/NT4/2000/XP/2003; some program features are available only on Windows NT4/2000/XP/2003, and require Administrator privileges. Prices begin at $299(US) for networks with up to 20 user accounts.