RE: Win XP - Renaming administrator, possible vulnerability?

["Orr, Brian D (EMA)" <OrrBD () navair navy mil>]

Sounds like it may be a sid and/or a caching problem. I'd be interested in
comparing the sids. Also, you might try logging in using the "user1"
password 10+ times (I believe that is the default for passwd cache).

- Brian

-----Original Message-----
From: Jones, Bob [mailto:JonesB () students svcc edu]
Sent: Wednesday, October 23, 2002 8:37 PM
To: 'security-basics () security-focus com'
Subject: Win XP - Renaming administrator, possible vulnerability?


Greetings to all,

I've noticed on my WinXP machines that if I rename an existing user to
another name (doesn't matter what), and rename the Administrator account to
the former name of that user account.  That I could log in to more than one
account with this name, simply depending upon which password was entered.
Something is not right with this, but I'm not at a level to determine
whether this can pose any kind of security vulnerability or not.  Microsoft
says:  "Since you must enter the password for the accounts then the system
is operating by design."  Is this just a strange bug?

For example:
Rename user account "user1" to "someone"
rename administrator account "administrator" to "user1"
Now with user1 entered in the login field, and user can enter either
password to gain access to either account.  

Any thoughts/explanations/insights?

Cheers!

Bob Jones