NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Vuln-Dev> 2001-q1

From: Erik Tayler (erikDIGITALDEFENSE.NET)
Date: Thu Jan 18 2001 - 11:00:42 CST

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I was able to confirm the "problem" that has been floating around the
vuln-dev list. It worked with the value of NTLM being 0, and also worked
as 1. Other posters confirm that they may login as "Administrator" via
such methods, I was unable to confirm such a result. It is my
understanding that in order for this little flaw to work, you may not
have the Guest account disabled.

Microsoft (R) Windows (TM) Version 5.00 (Build 2195)
Welcome to Microsoft Telnet Service
Telnet Server Build 5.00.99201.1
login: guest
Login through Guest account not allowed
login: \\guest
[truncated output][login was successful]

Erik Tayler
Security Analyst
Digital Defense Incorporated
http://www.digitaldefense.net

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]