Reduce Network Security Threats with Password Security Audit Software

New release includes UNICODE compliance

Dec. 20, 2006 -- ElcomSoft has released Proactive Password Auditor(TM) 1.7, a password audit and security test tool that makes it easy for NT4/2000/XP/2003 systems administrators to identify and close security holes in their networks. By running Proactive Password Auditor regularly, managers can ensure that the basic lock on their networks is secure.

New features in version 1.7 include full UNICODE compliance, allowing the program to work with user names and passwords in all of the Asian languages; and Rainbow Attack for NTLM as well as LM authentication, allowing you to create precomputed hash tables that dramatically reduce the amount of time required to find most passwords. Additionally, the new version is now able to work on machines with DEP (Data Execution Prevention) feature enabled, and supports Windows Vista.

Proactive Password Auditor helps secure networks by executing a comprehensive audit of account passwords and exposing all insecure passwords. Chief Security Officers can locate individual security holes and patch them immediately. They can also identify patterns and trends that weaken security, and develop the appropriate policies to improve network security. An administrator can use Proactive Password Auditor to recover any lost password and access a user's Windows account.

The program audits passwords by analyzing user password hashes, and recovering plain-text passwords. If it is possible to recover the password within a reasonable time, the password is considered insecure. The program supports both LM and NTLM password authentication protocols. Proactive Password Auditor can audit and authenticate passwords very quickly, whether it's one computer with a single account, or multiple servers and computers with thousands of user accounts.

In addition to Microsoft Active Directory Support, faster operation, better wordlist management, and automatic decryption of passwords for certain system accounts, the software offers four unique approaches to reducing network security threats:

  • Rainbow Attack: Because it can take days or weeks for a computer to generate all of the possible passwords for a particular system, ElcomSoft has introduced a new "rainbow attack" subsystem. You can run Proactive Password Auditor in the background to generate and use precomputed hash tables that will allow you to find most passwords in minutes instead of days or weeks;

  • Preliminary Attack: Under this regimen, password hashes are retrieved and the audit process starts automatically, using preconfigured options. First, the program checks obvious passwords (for example, the password is the same as the user name). Second, it retrieves and decrypts passwords from memory. Third, the program runs the dictionary attack.

  • Simultaneous Auditing: The program can audit multiple accounts at once, from a single computer or from multiple computers. Auditing thousands of accounts is performed at the same speed as auditing a single account.

  • Credentials Management: By saving user names and passwords for computers the program connects to, future audits are performed with just a few clicks and without having to re-enter set-up information.

Proactive Password Auditor v. 1.7 runs under Windows NT4/2000/XP/2003 and Windows Vista; some program features require Administrator privileges. Prices begin at $299 for networks with up to 20 user accounts. For more information and free trial version, visit