[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <00c901c49f19$26b5e470$2f01a8c0@socrates>
Date: Mon, 20 Sep 2004 08:53:03 -0500
From: "Larry Mitchell" <lists@...sd.com>
To: <mwwilson@...o.hpc.mil>, "Chris Norton" <kicktd_list@...mail.com>,
"Michael Scheidell" <scheidell@...nap.net>, <bugtraq@...urityfocus.com>,
<vulnwatch@...nwatch.org>, <full-disclosure@...ts.netsys.com>
Cc: <vuln@...urity-corporation.com>, <security-alert@...tin.ibm.com>,
<cert@...ibm.com>
Subject: Re: Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator access
Michael,
Windows XP home edition hides the administrator account and disables access
to it entirely even from a manual login unless you are in safe mode. This
seems to be the most likely explaination of this "hidden" admin account.
Regards,
Larry
----- Original Message -----
From: "Michael Wilson, Contractor" <mwwilson@...o.hpc.mil>
To: "Chris Norton" <kicktd_list@...mail.com>; "Michael Scheidell"
<scheidell@...nap.net>; <bugtraq@...urityfocus.com>;
<vulnwatch@...nwatch.org>; <full-disclosure@...ts.netsys.com>
Cc: <vuln@...urity-corporation.com>; <security-alert@...tin.ibm.com>;
<cert@...ibm.com>
Sent: Friday, September 17, 2004 3:08 PM
Subject: RE: Vulnerability in IBM Windows XP: default hidden Administrator
account allows local Administrator access
> Negative.
>
> In previous versions of Windows (NT core), the install would allow you to
> simply strike <enter> at the appropriate time, when being queried for an
> administrator password, and voila -> the administrative password would be
> blank.
>
> Windows XP manual install will ask if you are sure, while warning of the
> implications, and if you insist it disallows network access to the
> administrator account to limit WAN or LAN hacking. I was working IA at a
> major university when this, administrator account logins checking for
blank
> or the password "password", became quite a problem. The response would
> often be, "I forgot to reset after the install!" I pushed a domain policy
> denying access to the local administrator password from the network,
> regardless of what the password was.
>
> Windows has instituted the same by default, thereby limiting this exploit
to
> a console login, if the password hash = blank hash.
>
> It is most likely the Vendor Install Customization that has caused this
> issue, as true enough, most vendor installs force you to pick an
> administrator password before using the system. If the account is hidden,
> then it is definitely IBM's doing as I have never seen a Windows install
> where the administrator account could not be seen under the accounts tab.
>
> Thank you,
>
> Michael Wilson CISSP (Contractor)
> Lockheed Martin Space Operations
> Computer Security Specialist
> NAVO-MSRC
> mwwilson@...o.hpc.mil
> 228-688-4393
>
>
>
> -----Original Message-----
> From: Chris Norton [mailto:kicktd_list@...mail.com]
> Sent: Friday, September 17, 2004 10:59 AM
> To: Michael Scheidell; bugtraq@...urityfocus.com;
> vulnwatch@...nwatch.org; full-disclosure@...ts.netsys.com
> Cc: vuln@...urity-corporation.com; security-alert@...tin.ibm.com;
> cert@...ibm.com
> Subject: Re: Vulnerability in IBM Windows XP: default hidden
> Administrator account allows local Administrator access
>
>
> This "hidden" Administrator account is part of Windows XP and NOT IBM's
> porblem.
> Every Windows XP system ships and installs with the Administrator and
blank
> password.
> This "hidden" account has been known about for some time, just like
Windows
> 2000
> Administrator account is the same way. There are ways to disable or change
> the
> Administrator name and password or to disable the account completely.
> --
> Chris Norton
> UAT Student Software Engineering Network Defense
>
>
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists