lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <BMEKJNNECFPDGJLDFNLJAEGFCIAA.mwwilson@navo.hpc.mil>
Date: Fri, 17 Sep 2004 15:08:34 -0500
From: "Michael Wilson, Contractor" <mwwilson@...o.hpc.mil>
To: "Chris Norton" <kicktd_list@...mail.com>,
   "Michael Scheidell" <scheidell@...nap.net>, <bugtraq@...urityfocus.com>,
   <vulnwatch@...nwatch.org>, <full-disclosure@...ts.netsys.com>
Cc: <vuln@...urity-corporation.com>, <security-alert@...tin.ibm.com>,
   <cert@...ibm.com>
Subject: RE: Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator access


Negative.

In previous versions of Windows (NT core), the install would allow you to
simply strike <enter> at the appropriate time, when being queried for an
administrator password, and voila -> the administrative password would be
blank.

Windows XP manual install will ask if you are sure, while warning of the
implications, and if you insist it disallows network access to the
administrator account to limit WAN or LAN hacking.  I was working IA at a
major university when this, administrator account logins checking for blank
or the password "password", became quite a problem.  The response would
often be, "I forgot to reset after the install!"  I pushed a domain policy
denying access to the local administrator password from the network,
regardless of what the password was.

Windows has instituted the same by default, thereby limiting this exploit to
a console login, if the password hash = blank hash.

It is most likely the Vendor Install Customization that has caused this
issue, as true enough, most vendor installs force you to pick an
administrator password before using the system.  If the account is hidden,
then it is definitely IBM's doing as I have never seen a Windows install
where the administrator account could not be seen under the accounts tab.

Thank you,

Michael Wilson CISSP (Contractor)
Lockheed Martin Space Operations
Computer Security Specialist
NAVO-MSRC
mwwilson@...o.hpc.mil
228-688-4393



-----Original Message-----
From: Chris Norton [mailto:kicktd_list@...mail.com]
Sent: Friday, September 17, 2004 10:59 AM
To: Michael Scheidell; bugtraq@...urityfocus.com;
vulnwatch@...nwatch.org; full-disclosure@...ts.netsys.com
Cc: vuln@...urity-corporation.com; security-alert@...tin.ibm.com;
cert@...ibm.com
Subject: Re: Vulnerability in IBM Windows XP: default hidden
Administrator account allows local Administrator access


This "hidden" Administrator account is part of Windows XP and NOT IBM's
porblem.
Every Windows XP system ships and installs with the Administrator and blank
password.
This "hidden" account has been known about for some time, just like Windows
2000
Administrator account is the same way. There are ways to disable or change
the
Administrator name and password or to disable the account completely.
--
Chris Norton
UAT Student Software Engineering Network Defense

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ