Bugtraq mailing list archives
RE: The "Lunch Break Hole"
From: "David LeBlanc" <dleblanc () mindspring com>
Date: Sun, 27 Jan 2002 00:55:32 -0800
There are chances that someone already knows your password, and that he uses a security hole of Windows 2000 to log into your machine without leaving any logon/logoff traces in the Security log!
[snip]
Because the locking of the machine creates no Security event by design, a local attacker can use this hole to log onto a locked machine and lock this machine again (when he is done), without leaving logon/logoff traces of his successful break in in the Security log!
This does not repro on my XP Pro system. When I lock and unlock the system, it creates events in the security events IF I have logon auditing enabled. I haven't had time to test against Windows 2000. And, BTW, if someone already knows your password, this should be the least of your worries.
Current thread:
- The "Lunch Break Hole" Frank Heyne (Jan 22)
- RE: The "Lunch Break Hole" David LeBlanc (Jan 28)