| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 18 Sep 2004 10:07:17 -0400
From: Shawn McMahon <smcmahon@....com>
To: "Michael Wilson, Contractor" <mwwilson@...o.hpc.mil>
Cc: Chris Norton <kicktd_list@...mail.com>,
Michael Scheidell <scheidell@...nap.net>, bugtraq@...urityfocus.com,
vulnwatch@...nwatch.org, full-disclosure@...ts.netsys.com,
vuln@...urity-corporation.com, security-alert@...tin.ibm.com,
cert@...ibm.com
Subject: Re: Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator access
On Fri, Sep 17, 2004 at 03:08:34PM -0500, Michael Wilson, Contractor said:
>
> It is most likely the Vendor Install Customization that has caused this
> issue, as true enough, most vendor installs force you to pick an
> administrator password before using the system. If the account is hidden,
> then it is definitely IBM's doing as I have never seen a Windows install
> where the administrator account could not be seen under the accounts tab.
Averatec laptop installs of XP Home have it hidden; you have to boot in
Safe Mode to add a password.
The documentation that specifies this is a Microsoft product, so I
suspect it's the same with other installs of Home, but I have only left
the packaged install of XP Home on one machine ever, so I am not at all
sure of this.
--
Shawn McMahon | Let's set the record straight. There is no argument
EIV Consulting | over the choice between peace and war, but there is
UNIX and Linux | only one guaranteed way you can have peace - and you
http://www.eiv.com | can have it in the next second - surrender. - Reagan
Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists