Password Hole Found In Webshots

[Brian Carpenter <brian.carpenter () wosc edu>]

        I have descovered a hole in the webshots screensave program. On either
a Win2K or xp machine that has it installed you can bypass the password
on the screen saver by pressing Ctrl+Alt+Del wich brings up the Windows
box that contains logout lockcomputer shutdown ect: Then you will hit
cancel and boom you are at the desktop with all the permisions the
previous user had. If you have windows password locking the screen saver
you are able to  Ctrl+Alt+Del and then go to taskmanger and end the
screen saver thus bringing you back to the desktop.

        This works with both webshots password set up and the windows password
setup on the computer. As long as webshots is used the hole is there.