Full Disclosure mailing list archives
hidden users on windows?
From: nabiy <nathan.aguirre () gmail com>
Date: Thu, 4 Aug 2005 00:13:01 +1000
Hello, A security issue has been identified in current versions of windows that allows 'hidden' user accounts. The User Account Manager in the Windows Control Panel and the 'Welcome Screen' both fail to report interactive logons made with the netapi. This security issue has been verified on Windows 2000 Professional, Windows XP Home Edition and Windows XP Professional. Microsoft was notified of this issue on July 28, 2005. The problem is not with the netapi or the ability to create users but with the User Account Manager in Windows. It simply fails to list all of the users that are on the system. This issue was noticed while exploring the netapi on windows – users created with the netuseradd function failed to show up in both the User Account Manager and on the Welcome Screen. The failure to list users made with the netapi presents a problem for obvious reasons; home users and even administrators expect to see all of the users on their system when using these facilities. The solution in all versions of windows is simple. Do not depend on the User Account Manager when managing user accounts on your system. Instead, users should use the Local Users and Groups management snapin or the net command from the cli. More information has been documented at http://neworder.box.sk nathan aguirre -- http://nabiy.sdf1.org . gopher://sdf.lonestar.org/11/users/nabiy The Super Dimension Fortress Public Access Unix System
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- hidden users on windows? nabiy (Aug 03)
- Re: hidden users on windows? Ill will (Aug 04)
- Re: hidden users on windows? nabiy (Aug 04)
- Re: hidden users on windows? Ill will (Aug 04)