Re: NT Screen Saver Password Protect Bug


  • To: NTBUGTRAQLISTSERV.NTBUGTRAQ.COM
  • Subject: Re: NT Screen Saver Password Protect Bug
  • From: David Hiers <USFTLTV9IBMMAIL.COM>
  • Date: Thu, 26 Mar 1998 12:11:47 -0500
  • Reply-To: David Hiers <USFTLTV9IBMMAIL.COM>
  • Sender: Windows NT BugTraq Mailing List <NTBUGTRAQLISTSERV.NTBUGTRAQ.COM>

I've got to respectfully disagree with Paul concerning his assertion that this issue is not a security problem.

Background:
Once the logon process of any OS finishes, I know that a person (PRINCIPAL) has proven their authorization to access an account (with knowledge of an account name and password, for instance).  That account is now considered a SUBJECT.  A SUBJECT's attempt to access OBJECTS (files, programs, hardware, etc (any protected entity)) is controlled by a Reference Monitor.

Analysis:
Once the link between a PRINCIPAL and SUBJECT is broken, security is broken, and all the activity of the Reference Monitor is invalid and untrustable.

Discussion:
That it takes administrative rights on a workstation to execute the exploit makes this problem even worse.  Note that as you move up the security scale (C1, C2, B1, B2, ...), controls on the behavior of administrative users become greater, not lesser.  In fact, the increasing controls on admins' rights lead eventually to a system in which no one person has unlimited rights.  Hence, the more security you want, the more you have to be able to control and monitor the activities of your trusted users (administrators).

Conclusion:
Any programmatic behavior that permits unintended impersonation-type functionality is a security vulnerability.  The risk is proportional to the likelihood that someone possesses the skill and desire to download and run GetAdmin on a workstation that a Domain Admin is likely to use.

David Hiers