Re: Hidden accounts on sony vaio laptops

["Williams, James K" <James.Williams () ca com>]

Not a Sony issue.  This setup has been documented by MS 
since the release of Windows XP in 2001.

"Q: How can I add an Administrator password to make my 
computer more secure?

A: Another way to make your computer more secure is to 
assign a password to the Administrator account, which is 
blank by default. An Administrator account is a user account 
that has full permissions and control over a computer, can 
gain access to and modify all user accounts on a computer, 
and can only be accessed from safe mode."

http://www.microsoft.com/windowsxp/using/setup/getstarted/installqa.mspx

Regards,

Ken Williams ; Dir. Vuln Research 
Computer Associates ; 0xE2941985

> List:       bugtraq
> Subject:    Hidden accounts on sony vaio laptops
> From:       yash.kadakia () securityforge ! com
> Date:       2005-11-07 14:08:09
>
> Sony Vaio laptops require you to create a user account the
> first time you start your laptop. If the user you select 
> is not "Administrator", Sony still goes ahead and creates 
> a user "Administrator" with a blank password. 
>
> This user does not show up in control panel under User 
> Accounts but if you do start up in safemode the laptop 
> allows you to login as Administrator. 
>
> This gives an attacker an opportunity to gain 
> administrative access to a computer and access to create 
> add delete or modify user accounts.
>
> This is basically a backdoor account that is hidden from 
> the user and compromises the security of all Sony Vaio 
> laptops.