Vulnerability Development mailing list archives
Re: NT 4.0 (Workstation) Logon Authentication Vulnerability
From: gurcsika () TC FAA GOV (Anthony Gurcsik)
Date: Wed, 15 Mar 2000 16:11:17 -0500
Go look at Q172931 (http://support.microsoft.com/support/kb/articles/Q172/9/31.ASP?LNG=ENG&SA=ALLKB &FR=0), Cached Logon Information. Tony -----Original Message----- From: jhw1970 () HOTMAIL COM Sent: Tuesday, March 14, 2000 1:19 PM To: VULN-DEV () SECURITYFOCUS COM Subject: NT 4.0 (Workstation) Logon Authentication Vulnerability Scenario: User logon to WinNT domain. Problem: I believe WinNT may cache user passwords. This allows a user to disconnect a terminal from the network and login to the workstation locally without being authenticated by the PDC or BDC. Vulnerability: A malicious user may disconnect a machine from the network and add/remove software without being audited by the PDC/BDC. Also, a user who has been deleted from the domain users list may still have access to a machine which he/she had used in the past.
Current thread:
- Re: NT 4.0 (Workstation) Logon Authentication Vulnerability andrej () KTU EDU (Mar 15)
- <Possible follow-ups>
- Re: NT 4.0 (Workstation) Logon Authentication Vulnerability Anthony Gurcsik (Mar 15)