From: Michael Scheidell (scheidellsecnap.net)
Date: Mon Sep 20 2004 - 08:54:39 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

please re-read the full text.

-----Original Message-----
From: Larry Mitchell [mailto:listse-lsd.com]
Sent: Monday, September 20, 2004 9:53 AM
To: mwwilsonnavo.hpc.mil; Chris Norton; Michael Scheidell;
bugtraqsecurityfocus.com; vulnwatchvulnwatch.org;
full-disclosurelists.netsys.com
Cc: vulnsecurity-corporation.com; security-alertaustin.ibm.com;
certus.ibm.com
Subject: [SPAM] - Re: Vulnerability in IBM Windows XP: default hidden
Administrator account allows local Administrator access - Email found in
subject

Michael,

Windows XP home edition hides the administrator account and disables access
to it entirely even from a manual login unless you are in safe mode. This
seems to be the most likely explaination of this "hidden" admin account.

Regards,
Larry

----- Original Message -----
From: "Michael Wilson, Contractor" <mwwilsonnavo.hpc.mil>
To: "Chris Norton" <kicktd_listhotmail.com>; "Michael Scheidell"
<scheidellsecnap.net>; <bugtraqsecurityfocus.com>;
<vulnwatchvulnwatch.org>; <full-disclosurelists.netsys.com>
Cc: <vulnsecurity-corporation.com>; <security-alertaustin.ibm.com>;
<certus.ibm.com>
Sent: Friday, September 17, 2004 3:08 PM
Subject: RE: Vulnerability in IBM Windows XP: default hidden Administrator
account allows local Administrator access

> Negative.
>
> In previous versions of Windows (NT core), the install would allow you to
> simply strike <enter> at the appropriate time, when being queried for an
> administrator password, and voila -> the administrative password would be
> blank.
>
> Windows XP manual install will ask if you are sure, while warning of the
> implications, and if you insist it disallows network access to the
> administrator account to limit WAN or LAN hacking. I was working IA at a
> major university when this, administrator account logins checking for
blank
> or the password "password", became quite a problem. The response would
> often be, "I forgot to reset after the install!" I pushed a domain policy
> denying access to the local administrator password from the network,
> regardless of what the password was.
>
> Windows has instituted the same by default, thereby limiting this exploit
to
> a console login, if the password hash = blank hash.
>
> It is most likely the Vendor Install Customization that has caused this
> issue, as true enough, most vendor installs force you to pick an
> administrator password before using the system. If the account is hidden,
> then it is definitely IBM's doing as I have never seen a Windows install
> where the administrator account could not be seen under the accounts tab.
>
> Thank you,
>
> Michael Wilson CISSP (Contractor)
> Lockheed Martin Space Operations
> Computer Security Specialist
> NAVO-MSRC
> mwwilsonnavo.hpc.mil
> 228-688-4393
>
>
>
> -----Original Message-----
> From: Chris Norton [mailto:kicktd_listhotmail.com]
> Sent: Friday, September 17, 2004 10:59 AM
> To: Michael Scheidell; bugtraqsecurityfocus.com;
> vulnwatchvulnwatch.org; full-disclosurelists.netsys.com
> Cc: vulnsecurity-corporation.com; security-alertaustin.ibm.com;
> certus.ibm.com
> Subject: Re: Vulnerability in IBM Windows XP: default hidden
> Administrator account allows local Administrator access
>
>
> This "hidden" Administrator account is part of Windows XP and NOT IBM's
> porblem.
> Every Windows XP system ships and installs with the Administrator and
blank
> password.
> This "hidden" account has been known about for some time, just like
Windows
> 2000
> Administrator account is the same way. There are ways to disable or change
> the
> Administrator name and password or to disable the account completely.
> --
> Chris Norton
> UAT Student Software Engineering Network Defense
>
>
>

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]