Re: NT Screen Saver Password Protect Bug

  • To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
  • Subject: Re: NT Screen Saver Password Protect Bug
  • From: Russ <Russ.Cooper@RC.ON.CA>
  • Date: Tue, 24 Mar 1998 09:35:36 -0500
  • Comments: To: Christopher L Buono <cbuono@ALBANY.NET>
  • Reply-To: Russ <Russ.Cooper@RC.ON.CA>
  • Sender: Windows NT BugTraq Mailing List <NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM>

There have been a number of messages submitted pointing out that to
properly lock your workstation/server when away from it, you should use
"Lock Workstation", and not a screen saver (of any kind from any
company).

This is the best advice, but Christopher's message about how easily the
password mechanism in screen savers can be bypassed should not be
discounted, and instead earmarked as yet another data point on the list
of securing an NT box. If screen savers with password features are going
to be shipped with NT, then they should fail securely, rather than fail
wide open, IMO. This was, I believe, Christopher's point.

As to whether or not this is yet another example of what an Admin can
do, Christopher provides one example of how someone not authorized to go
through the screen saver password screen can, and thereby become logged
on as a higher-privileged user. This is by no means the only way, but it
is, again, another way.

Giving someone Machine or Resource Domain Administrator privilege is
akin to giving them Master Domain Admin privilege, and this needs to be
recognized. As does creating shares on the root of the %systemroot%
volume (i.e. C:\), which can be done and would bypass the default
restrictions on C$, thereby giving access to the %systemroot%\system32
directory.

Cheers,
Russ Cooper
R.C. Consulting, Inc. - NT/Internet Security
http://www.ntbugtraq.com