Click here to Skip to main content
65,938 articles
CodeProject is changing. Read more.
Articles / Languages / C++

How to Detect Empty Password Users

3.87/5 (26 votes)
13 Aug 2007CPOL2 min read 1  
This article describes how to detect empty password users

Introduction

This article describes how to detect empty password users in the Windows NT environment using Visual C++ 6. This method may require the Platform SDK.

Requisite Knowledge

Readers should be familiar with the C++ language and Windows API. This article is so simple that you can understand it even if you are not a professional.

Empty Password Users: Why We Detect Them

Empty password users can destroy local computers because a WORM VIRUS is able to use such accounts to spread itself. When you turn your system on without a password, your system infects within a minute. For this reason, if you can detect empty passwords, you can advise the user to set a password. In the past I searched Google for how to deal with this, but I could not get anything about it. So, I decided to write my own program. This is some simple empty password detection code that runs on Windows NT; it does not support Windows 9x.

What is the Problem?

The first idea is using the LogonUser API. This API can log in a given user name and return a result. The first code example is:

C++
HANDLE hToken = NULL;
BOOL bLoggedOn = ::LogonUser(pszUserName, pszPassword, NULL, 
    LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, &hToken);

if(bLoggedOn) 
{
    printf("Logged On!\n");
} 
else 
{
    printf("Failed\n");
}

However, the first code's problem is that the LogonUser API does not work with an empty password. We cannot call this function with a NULL password or "". In this situation, how can we detect an empty password? The answer is simple: just check the error code. In MSDN, LogonUser returns the error code via GetLastError. So, we can get LogonUser's error by using the GetLastError function. The following code describes how to get the error code of LogonUser.

C++
HANDLE hToken = NULL; 
BOOL bLoggedOn = ::LogonUser(pszUserName, "", NULL, 
    LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, &hToken);
DWORD dwError = GetLastError();

dwError has the error code of LogonUser. LogonUser returns error code 1327 when a user has an empty password. I tested the following code from Windows XP on my own system and it works well.

C++
HANDLE hToken = NULL; 
BOOL bLoggedOn = ::LogonUser(pszUserName, "", 
    NULL, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, 
&hToken);
DWORD dwError = GetLastError();

if(bLoggedOn || dwError == 1327)
{
    printf("Empty Password Logon User: %s\n", pszUserName);
}

History

  • 13 August, 2007 -- Original version posted

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)