Full Disclosure mailing list archives
RE: [SPAM] - Re: Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator access - Email found in subject
From: "Michael Scheidell" <scheidell () secnap net>
Date: Mon, 20 Sep 2004 09:54:39 -0400
please re-read the full text. -----Original Message----- From: Larry Mitchell [mailto:lists () e-lsd com] Sent: Monday, September 20, 2004 9:53 AM To: mwwilson () navo hpc mil; Chris Norton; Michael Scheidell; bugtraq () securityfocus com; vulnwatch () vulnwatch org; full-disclosure () lists netsys com Cc: vuln () security-corporation com; security-alert () austin ibm com; cert () us ibm com Subject: [SPAM] - Re: Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator access - Email found in subject Michael, Windows XP home edition hides the administrator account and disables access to it entirely even from a manual login unless you are in safe mode. This seems to be the most likely explaination of this "hidden" admin account. Regards, Larry ----- Original Message ----- From: "Michael Wilson, Contractor" <mwwilson () navo hpc mil> To: "Chris Norton" <kicktd_list () hotmail com>; "Michael Scheidell" <scheidell () secnap net>; <bugtraq () securityfocus com>; <vulnwatch () vulnwatch org>; <full-disclosure () lists netsys com> Cc: <vuln () security-corporation com>; <security-alert () austin ibm com>; <cert () us ibm com> Sent: Friday, September 17, 2004 3:08 PM Subject: RE: Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator access
Negative. In previous versions of Windows (NT core), the install would allow you to simply strike <enter> at the appropriate time, when being queried for an administrator password, and voila -> the administrative password would be blank. Windows XP manual install will ask if you are sure, while warning of the implications, and if you insist it disallows network access to the administrator account to limit WAN or LAN hacking. I was working IA at a major university when this, administrator account logins checking for
blank
or the password "password", became quite a problem. The response would often be, "I forgot to reset after the install!" I pushed a domain policy denying access to the local administrator password from the network, regardless of what the password was. Windows has instituted the same by default, thereby limiting this exploit
to
a console login, if the password hash = blank hash. It is most likely the Vendor Install Customization that has caused this issue, as true enough, most vendor installs force you to pick an administrator password before using the system. If the account is hidden, then it is definitely IBM's doing as I have never seen a Windows install where the administrator account could not be seen under the accounts tab. Thank you, Michael Wilson CISSP (Contractor) Lockheed Martin Space Operations Computer Security Specialist NAVO-MSRC mwwilson () navo hpc mil 228-688-4393 -----Original Message----- From: Chris Norton [mailto:kicktd_list () hotmail com] Sent: Friday, September 17, 2004 10:59 AM To: Michael Scheidell; bugtraq () securityfocus com; vulnwatch () vulnwatch org; full-disclosure () lists netsys com Cc: vuln () security-corporation com; security-alert () austin ibm com; cert () us ibm com Subject: Re: Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator access This "hidden" Administrator account is part of Windows XP and NOT IBM's porblem. Every Windows XP system ships and installs with the Administrator and
blank
password. This "hidden" account has been known about for some time, just like
Windows
2000 Administrator account is the same way. There are ways to disable or change the Administrator name and password or to disable the account completely. -- Chris Norton UAT Student Software Engineering Network Defense
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: [SPAM] - Re: Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator access - Email found in subject Michael Scheidell (Sep 20)