If I remember correctly, On a Win2k box, the default behavior is to allow administrator access when there is a blank password. Microsoft changed this behavior in XP. If the password is blank, the Administrator cannot log in remotely. As soon as you give it a password, then you can log in remotely. So technically, there isn't a hole, even if the password is still blank.
Todd Tucker, Brock - St. Louis, MO wrote: > I might start with the firewall on XP. I imagine that if it's on, it > might prevent certain tests from producing results. Just a thought. > Could be wrong. > > Brock Tucker > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Huu Khiem > Sent: Monday, October 08, 2007 4:43 AM > To: [email protected] > Subject: Cannot discover blank password admin WinXP > > Hi All, > > > I use Nessus scanner 3.0.6 (up-to-date plugins) to > scan a remote Pc (OS:Windows XP Pro - SP2) with blank > password administrator, but it couldn't discover this > hole while it's OK with Windows 2000. > > Could you give me your advice. Thanks > _______________________________________________ > Nessus mailing list > [email protected] > http://mail.nessus.org/mailman/listinfo/nessus > _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
