From: Michael Scheidell (scheidellsecnap.net)
Date: Sat Sep 18 2004 - 10:39:56 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

XP HOME??? I am not talking about XP home.

-----Original Message-----
From: Shawn McMahon [mailto:smcmahoneiv.com]
Sent: Saturday, September 18, 2004 10:07 AM
To: Michael Wilson, Contractor
Cc: Chris Norton; Michael Scheidell; bugtraqsecurityfocus.com;
vulnwatchvulnwatch.org; full-disclosurelists.netsys.com;
vulnsecurity-corporation.com; security-alertaustin.ibm.com;
certus.ibm.com
Subject: Re: Vulnerability in IBM Windows XP: default hidden
Administrator account allows local Administrator access

On Fri, Sep 17, 2004 at 03:08:34PM -0500, Michael Wilson, Contractor
said:
>
> It is most likely the Vendor Install Customization that has caused
this
> issue, as true enough, most vendor installs force you to pick an
> administrator password before using the system. If the account is
hidden,
> then it is definitely IBM's doing as I have never seen a Windows
install
> where the administrator account could not be seen under the accounts
tab.

Averatec laptop installs of XP Home have it hidden; you have to boot in
Safe Mode to add a password.

The documentation that specifies this is a Microsoft product, so I
suspect it's the same with other installs of Home, but I have only left
the packaged install of XP Home on one machine ever, so I am not at all
sure of this.

--
Shawn McMahon | Let's set the record straight. There is no argument
EIV Consulting | over the choice between peace and war, but there is
UNIX and Linux | only one guaranteed way you can have peace - and
you
http://www.eiv.com | can have it in the next second - surrender. -
Reagan

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]