Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator access

From: "RandallM" <randallm () fidmail com>
Date: Sat, 18 Sep 2004 23:52:51 -0500
Gentlemen,
I'm a little lost now on the intent of the original post. I believe it was
intending to say that IBM computers arriving with XP installations have
"blank" default Administrator passwords. 

I install about three fresh installs of XP and four pre-installs on HP
laptops a week. The retail version always asks for a "password" for the
local Administrator account and a "user" name. XP pre-installations require
a "user" name and no mention of Admin account though its there by default
with no password. Both by default give the "user" local administrator
rights. Once installed I have to go to the accounts area and supply the
passwords. If I join these to the domain I must supply a password. I've done
it this way for two years and nothing has changed. 

It seems then the IBM and HP by pass what fresh retail installations do, and
that is allow the opportunity to supply a password for the local
administrator. This would be then their problem. Retail version warns but
allows blank passwords. This would be the XP problem.

I take full responsibility for any mistakes above. It's late. I'm tired and
doing so many it does become mind numbing. But I believe this is an accurate
account of the installations.
 
thank you
Randall M
 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: