Re: NT Screen Saver Password Protect Bug
- To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
- Subject: Re: NT Screen Saver Password Protect Bug
- From: "Curtis Anderson, CNE, MCSE" <canderso@ism.ca>
- Date: Tue, 24 Mar 1998 14:35:57 -0600
- Comments: To: Christopher L Buono <cbuono@ALBANY.NET>
- Organization: ISM Manitoba
- Reply-To: "canderso@ism.ca" <canderso@ism.ca>
- Sender: Windows NT BugTraq Mailing List <NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM>

FWIW, this is also reproducible on NT 3.51, SP5 running the Novell IntraNetWare Client for NT (which replaces NT's own GINA login module). It doesn't look like the GINA itself is at fault; more likely the module(s) that call the screen saver don't handle this condition properly, if at all.

I have also noticed that going into Control Panel : Desktop after performing this procedure shows the screen saver set to NONE. If you cancel out of that dialog, then rename the SCX file back to SCR, then reenter Control Panel : Desktop, your original screen saver settings are back. I don't know if this info will be of value to MS in troubleshooting but you never know.

This also works: As per Christopher's exploit, except instead of renaming the SS file, remotely edit the registry key:

    HKEY_USERS\<UserIDStringofnumbers>\Control Panel\Desktop\ScreenSaverIsSecure

to a value of 0.

Now do Christopher's exploit as he's described: You're into the machine, no muss, no fuss, and with someone else's Admin ID to wreak whatever havoc you please.

Additional info, may or may not be of value: With the SS set to NONE, and using the standard CTL-ALT-DEL to lock the console, I then (from another NT machine) remotely edited the registry keys:

    HKEY_USERS\<UserIDStringofnumbers>\Control Panel\Desktop\ScreenSaveActive

to a value of 1 and

    HKEY_USERS\<UserIDStringofnumbers>\Control Panel\Desktop\SCRNSAVE.EXE

to a value of SSMARQUE.SCR to reactivate the screen saver, with no effect. If the screen saver is not set active at console lock time, I could not figure out a way to activate it and thus break into the machine. I did not spend a lot of time trying though, perhaps someone out there knows an AT command that can fire up the screen saver (I know MS Office 95's MSOW.EXE with /S will activate the Screen Saver, didn't play with this).

I also did not try accessing the machine with the local Administrator's password while it was logged on to a domain. No reason to assume this access method would not work, though.

Mental Note to Self: Log off when leaving machine. Trust no one. ;-)

--------------------------------------------------------------------------------------
Curtis Anderson, CNE, MCSE
ISM Manitoba - an IBM Global Services team member
400 Ellice Avenue, Winnipeg, MB R3B 3M3
canderso@ism.ca  andersoc@ca.ibm.com
--------------------------------------------------------------------------------------
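
A defender-side audit of the three per-user values named in the message above, added here as an example and not part of the original post or of any Microsoft tool. It assumes a current Windows host with PowerShell, run elevated; the function name and the finding strings are hypothetical, and only user hives that are loaded under HKEY_USERS are visible to it.

```powershell
# Added example: report, per loaded user hive, whether the screen saver
# lock described in the message can actually engage.
function Get-ScreenSaverLockState {
    # User SIDs only; skips .DEFAULT, service accounts and the *_Classes hives.
    $hives = Get-ChildItem -Path 'Registry::HKEY_USERS' |
        Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' }

    foreach ($hive in $hives) {
        $key  = "Registry::HKEY_USERS\$($hive.PSChildName)\Control Panel\Desktop"
        $desk = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $desk) { continue }

        # SCRNSAVE.EXE may hold a bare file name; resolve it against System32.
        $saver = $desk.'SCRNSAVE.EXE'
        $saverExists = $false
        if ($saver) {
            if (Split-Path -Path $saver -IsAbsolute) {
                $path = $saver
            } else {
                $path = Join-Path $env:SystemRoot "System32\$saver"
            }
            $saverExists = Test-Path -LiteralPath $path
        }

        $active = ($desk.ScreenSaveActive -eq '1')
        $secure = ($desk.ScreenSaverIsSecure -eq '1')

        if (-not $active)          { $finding = 'screen saver not active' }
        elseif (-not $secure)      { $finding = 'ScreenSaverIsSecure is not 1' }
        elseif (-not $saverExists) { $finding = 'configured screen saver file missing' }
        else                       { $finding = 'ok' }

        [pscustomobject]@{
            Sid         = $hive.PSChildName
            Active      = $active
            Secure      = $secure
            ScreenSaver = $saver
            FileExists  = $saverExists
            Finding     = $finding
        }
    }
}

Get-ScreenSaverLockState | Format-Table -AutoSize
```

Any row whose Finding is not `ok` is a session where the screen saver password would not protect the console, whether the value was changed locally or over the remote registry.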