[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-Disclosure] Re: Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator access
- To: <mwwilson@xxxxxxxxxxxx>, "Chris Norton" <kicktd_list@xxxxxxxxxxx>, "Michael Scheidell" <scheidell@xxxxxxxxxx>, <bugtraq@xxxxxxxxxxxxxxxxx>, <vulnwatch@xxxxxxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxx>
- Subject: [Full-Disclosure] Re: Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator access
- From: "Larry Mitchell" <lists@xxxxxxxxx>
- Date: Mon, 20 Sep 2004 08:53:03 -0500
Michael,
Windows XP home edition hides the administrator account and disables access
to it entirely even from a manual login unless you are in safe mode. This
seems to be the most likely explaination of this "hidden" admin account.
Regards,
Larry
----- Original Message -----
From: "Michael Wilson, Contractor" <mwwilson@xxxxxxxxxxxx>
To: "Chris Norton" <kicktd_list@xxxxxxxxxxx>; "Michael Scheidell"
<scheidell@xxxxxxxxxx>; <bugtraq@xxxxxxxxxxxxxxxxx>;
<vulnwatch@xxxxxxxxxxxxx>; <full-disclosure@xxxxxxxxxxxxxxxx>
Cc: <vuln@xxxxxxxxxxxxxxxxxxxxxxxx>; <security-alert@xxxxxxxxxxxxxx>;
<cert@xxxxxxxxxx>
Sent: Friday, September 17, 2004 3:08 PM
Subject: RE: Vulnerability in IBM Windows XP: default hidden Administrator
account allows local Administrator access
> Negative.
>
> In previous versions of Windows (NT core), the install would allow you to
> simply strike <enter> at the appropriate time, when being queried for an
> administrator password, and voila -> the administrative password would be
> blank.
>
> Windows XP manual install will ask if you are sure, while warning of the
> implications, and if you insist it disallows network access to the
> administrator account to limit WAN or LAN hacking. I was working IA at a
> major university when this, administrator account logins checking for
blank
> or the password "password", became quite a problem. The response would
> often be, "I forgot to reset after the install!" I pushed a domain policy
> denying access to the local administrator password from the network,
> regardless of what the password was.
>
> Windows has instituted the same by default, thereby limiting this exploit
to
> a console login, if the password hash = blank hash.
>
> It is most likely the Vendor Install Customization that has caused this
> issue, as true enough, most vendor installs force you to pick an
> administrator password before using the system. If the account is hidden,
> then it is definitely IBM's doing as I have never seen a Windows install
> where the administrator account could not be seen under the accounts tab.
>
> Thank you,
>
> Michael Wilson CISSP (Contractor)
> Lockheed Martin Space Operations
> Computer Security Specialist
> NAVO-MSRC
> mwwilson@xxxxxxxxxxxx
> 228-688-4393
>
>
>
> -----Original Message-----
> From: Chris Norton [mailto:kicktd_list@xxxxxxxxxxx]
> Sent: Friday, September 17, 2004 10:59 AM
> To: Michael Scheidell; bugtraq@xxxxxxxxxxxxxxxxx;
> vulnwatch@xxxxxxxxxxxxx; full-disclosure@xxxxxxxxxxxxxxxx
> Cc: vuln@xxxxxxxxxxxxxxxxxxxxxxxx; security-alert@xxxxxxxxxxxxxx;
> cert@xxxxxxxxxx
> Subject: Re: Vulnerability in IBM Windows XP: default hidden
> Administrator account allows local Administrator access
>
>
> This "hidden" Administrator account is part of Windows XP and NOT IBM's
> porblem.
> Every Windows XP system ships and installs with the Administrator and
blank
> password.
> This "hidden" account has been known about for some time, just like
Windows
> 2000
> Administrator account is the same way. There are ways to disable or change
> the
> Administrator name and password or to disable the account completely.
> --
> Chris Norton
> UAT Student Software Engineering Network Defense
>
>
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html