User Dictionary Issues

Windows 10 has a new feature, one that's been around for some time, called Inking and typing personalization. To turn it off, go into the Windows 10 Settings pane, click Privacy, and set this feature to Off.

When you click to view the user dictionary in that pane, it shows a list of names it has remembered. This feature is meant for convenience; however, it can be abused for malicious purposes.

For testing purposes I opened Word and added an email address and a couple of names. It turns out that under the appdata/roaming folder there is a roamingcustom.dic file.

Only administrators and that user can open the file. If this file is compromised, it can help malicious actors in several ways. If it holds usernames, it tells them which usernames to try during a brute-force attack. It can also reveal the structure of usernames. There are many malicious ways this information can be used. The threat can be labeled as reconnaissance, since this information is very handy during the initial reconnaissance stage.
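To see what a custom dictionary would give away before deciding whether to clear it, a defender can audit its entries. The script below is an added example, not part of the original post. The account-name patterns, the treatment of `#` lines as headers, and the sample entries are assumptions made for illustration.

```python
import codecs
import re
from pathlib import Path

# An entry that is a complete email address.
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")
# Assumed account-name shapes: first.last, first_last, or letters then digits.
ACCOUNT_RE = re.compile(r"^(?:[A-Za-z]+[._][A-Za-z]+|[A-Za-z]{2,}\d+)$")


def decode_dic(raw: bytes) -> str:
    """Decode dictionary bytes, honouring a UTF-16 or UTF-8 BOM if present."""
    if raw.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        return raw.decode("utf-16")          # codec consumes the BOM
    if raw.startswith(codecs.BOM_UTF8):
        return raw.decode("utf-8-sig")
    return raw.decode("utf-8", errors="replace")


def audit_entries(text: str) -> dict:
    """Group dictionary words that would help username enumeration."""
    findings = {"email": [], "account_like": []}
    for line in text.splitlines():
        word = line.strip()
        # Assumption: blank lines and lines starting with '#' are not words.
        if not word or word.startswith("#"):
            continue
        if EMAIL_RE.match(word):
            findings["email"].append(word)
        elif ACCOUNT_RE.match(word):
            findings["account_like"].append(word)
    return findings


def audit_file(path) -> dict:
    """Audit a dictionary file on disk (path supplied by the caller)."""
    return audit_entries(decode_dic(Path(path).read_bytes()))


# Constructed sample content, encoded as UTF-16 LE with a BOM.
SAMPLE = ("\ufeff#LID 1033\r\nAlice\r\njane.doe@example.com\r\n"
          "jdoe42\r\njohn.smith\r\nKubernetes\r\n").encode("utf-16-le")

if __name__ == "__main__":
    for kind, words in audit_entries(decode_dic(SAMPLE)).items():
        print(f"{kind}: {words}")
```

Entries reported under either heading are candidates for removal from the dictionary.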
