lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <200409190452.i8J4qrP10926@netsys.com>
From: randallm at fidmail.com (RandallM)
Subject: Re: Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator access

Gentlemen,
I'm a little lost now on the intent of the original post. I believe it was
intending to say that IBM computers arriving with XP installations have
"blank" default Administrator passwords. 

I install about three fresh installs of XP and four pre-installs on HP
laptops a week. The retail version always asks for a "password" for the
local Administrator account and a "user" name. XP pre-installations require
a "user" name and no mention of Admin account though its there by default
with no password. Both by default give the "user" local administrator
rights. Once installed I have to go to the accounts area and supply the
passwords. If I join these to the domain I must supply a password. I've done
it this way for two years and nothing has changed. 

It seems then the IBM and HP by pass what fresh retail installations do, and
that is allow the opportunity to supply a password for the local
administrator. This would be then their problem. Retail version warns but
allows blank passwords. This would be the XP problem.

I take full responsibility for any mistakes above. It's late. I'm tired and
doing so many it does become mind numbing. But I believe this is an accurate
account of the installations.
 
thank you
Randall M
 


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ