lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Sat, 8 Mar 2003 02:45:06 +0200
From: "Andrew G. Tereschenko" <secure.bugtraq@....odessa.ua>
To: <bugtraq@...urityfocus.com>
Subject: Re: [EC-SA-01.2003] Windows XP "welcome screen"  exposes the names of all the members of the local administrators group


> Direct solution: 
> No direct solution at this time.
> 
>  
> Workaround:
> Avoid using the welcome screen and use only the normal logon screen.
> 

http://www.kellys-korner-xp.com/xp_wel_screen.htm
or 
http://www.google.com/search?q=%2BSpecialAccounts+%2BWindows+%2BXP

Wellknown and supported way to remove/hide users from Welcome screen.

Also I would like to note that there is a flaw in your report.
Any user can retrive lists or users and shares in default configuration 
for NT4 and W2K using "null sessions". XP has some changes.
This was already discussed  in
http://cert.uni-stuttgart.de/archive/focus-ms/2002/03/msg00088.html

Just wanna everything will be clear,
--
Andrew G. Tereschenko
TAG Software Research Lab
Odessa, Ukraine

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ