lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <B3BCAF4246A8A84983A80DAB50FE7242283141@secnap2.secnap.com>
Date: Sat, 18 Sep 2004 11:39:56 -0400
From: "Michael Scheidell" <scheidell@...nap.net>
To: "Shawn McMahon" <smcmahon@....com>
Cc: <bugtraq@...urityfocus.com>, <vulnwatch@...nwatch.org>,
   <full-disclosure@...ts.netsys.com>, <vuln@...urity-corporation.com>
Subject: RE: Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator access


XP HOME??? I am not talking about XP home.



-----Original Message-----
From: Shawn McMahon [mailto:smcmahon@....com]
Sent: Saturday, September 18, 2004 10:07 AM
To: Michael Wilson, Contractor
Cc: Chris Norton; Michael Scheidell; bugtraq@...urityfocus.com;
vulnwatch@...nwatch.org; full-disclosure@...ts.netsys.com;
vuln@...urity-corporation.com; security-alert@...tin.ibm.com;
cert@...ibm.com
Subject: Re: Vulnerability in IBM Windows XP: default hidden
Administrator account allows local Administrator access


On Fri, Sep 17, 2004 at 03:08:34PM -0500, Michael Wilson, Contractor
said:
> 
> It is most likely the Vendor Install Customization that has caused
this
> issue, as true enough, most vendor installs force you to pick an
> administrator password before using the system.  If the account is
hidden,
> then it is definitely IBM's doing as I have never seen a Windows
install
> where the administrator account could not be seen under the accounts
tab.

Averatec laptop installs of XP Home have it hidden; you have to boot in
Safe Mode to add a password.

The documentation that specifies this is a Microsoft product, so I
suspect it's the same with other installs of Home, but I have only left
the packaged install of XP Home on one machine ever, so I am not at all
sure of this.


-- 
Shawn McMahon      | Let's set the record straight. There is no argument
EIV Consulting     | over the choice between peace and war, but there is
UNIX and Linux	   | only one guaranteed way you can have peace - and
you
http://www.eiv.com | can have it in the next second - surrender. -
Reagan

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ