please re-read the full text.
-----Original Message-----
From: Larry Mitchell [mailto:[EMAIL PROTECTED]
Sent: Monday, September 20, 2004 9:53 AM
To: [EMAIL PROTECTED]; Chris Norton; Michael Scheidell; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: [SPAM] - Re: Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator access - Email found in subject

Michael,

Windows XP home edition hides the administrator account and disables access to it entirely even from a manual login unless you are in safe mode. This seems to be the most likely explanation of this "hidden" admin account.

Regards,
Larry

----- Original Message -----
From: "Michael Wilson, Contractor" <[EMAIL PROTECTED]>
To: "Chris Norton" <[EMAIL PROTECTED]>; "Michael Scheidell" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Friday, September 17, 2004 3:08 PM
Subject: RE: Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator access

> Negative.
>
> In previous versions of Windows (NT core), the install would allow you to
> simply strike <enter> at the appropriate time, when being queried for an
> administrator password, and voila -> the administrative password would be
> blank.
>
> Windows XP manual install will ask if you are sure, while warning of the
> implications, and if you insist it disallows network access to the
> administrator account to limit WAN or LAN hacking. I was working IA at a
> major university when this, administrator account logins checking for blank
> or the password "password", became quite a problem. The response would
> often be, "I forgot to reset after the install!" I pushed a domain policy
> denying access to the local administrator password from the network,
> regardless of what the password was.
>
> Windows has instituted the same by default, thereby limiting this exploit to
> a console login, if the password hash = blank hash.
>
> It is most likely the Vendor Install Customization that has caused this
> issue, as true enough, most vendor installs force you to pick an
> administrator password before using the system. If the account is hidden,
> then it is definitely IBM's doing as I have never seen a Windows install
> where the administrator account could not be seen under the accounts tab.
>
> Thank you,
>
> Michael Wilson CISSP (Contractor)
> Lockheed Martin Space Operations
> Computer Security Specialist
> NAVO-MSRC
> [EMAIL PROTECTED]
> 228-688-4393
>
> -----Original Message-----
> From: Chris Norton [mailto:[EMAIL PROTECTED]
> Sent: Friday, September 17, 2004 10:59 AM
> To: Michael Scheidell; [EMAIL PROTECTED];
> [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED];
> [EMAIL PROTECTED]
> Subject: Re: Vulnerability in IBM Windows XP: default hidden
> Administrator account allows local Administrator access
>
> This "hidden" Administrator account is part of Windows XP and NOT IBM's problem.
> Every Windows XP system ships and installs with the Administrator and blank password.
> This "hidden" account has been known about for some time, just like Windows 2000
> Administrator account is the same way. There are ways to disable or change the
> Administrator name and password or to disable the account completely.
> --
> Chris Norton
> UAT Student Software Engineering Network Defense

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
