lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 8 Nov 2005 13:49:33 -0500 From: "Williams, James K" <James.Williams@...com> To: <bugtraq@...urityfocus.com> Subject: Re: Hidden accounts on sony vaio laptops Not a Sony issue. This setup has been documented by MS since the release of Windows XP in 2001. "Q: How can I add an Administrator password to make my computer more secure? A: Another way to make your computer more secure is to assign a password to the Administrator account, which is blank by default. An Administrator account is a user account that has full permissions and control over a computer, can gain access to and modify all user accounts on a computer, and can only be accessed from safe mode." http://www.microsoft.com/windowsxp/using/setup/getstarted/installqa.mspx Regards, Ken Williams ; Dir. Vuln Research Computer Associates ; 0xE2941985 > List: bugtraq > Subject: Hidden accounts on sony vaio laptops > From: yash.kadakia () securityforge ! com > Date: 2005-11-07 14:08:09 > > Sony Vaio laptops require you to create a user account the > first time you start your laptop. If the user you select > is not "Administrator", Sony still goes ahead and creates > a user "Administrator" with a blank password. > > This user does not show up in control panel under User > Accounts but if you do start up in safemode the laptop > allows you to login as Administrator. > > This gives an attacker an opportunity to gain > administrative access to a computer and access to create > add delete or modify user accounts. > > This is basically a backdoor account that is hidden from > the user and compromises the security of all Sony Vaio > laptops.
Powered by blists - more mailing lists