Full Disclosure mailing list archives
Re: Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator access
From: "Larry Mitchell" <lists () e-lsd com>
Date: Mon, 20 Sep 2004 08:53:03 -0500
Michael, Windows XP home edition hides the administrator account and disables access to it entirely even from a manual login unless you are in safe mode. This seems to be the most likely explaination of this "hidden" admin account. Regards, Larry ----- Original Message ----- From: "Michael Wilson, Contractor" <mwwilson () navo hpc mil> To: "Chris Norton" <kicktd_list () hotmail com>; "Michael Scheidell" <scheidell () secnap net>; <bugtraq () securityfocus com>; <vulnwatch () vulnwatch org>; <full-disclosure () lists netsys com> Cc: <vuln () security-corporation com>; <security-alert () austin ibm com>; <cert () us ibm com> Sent: Friday, September 17, 2004 3:08 PM Subject: RE: Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator access
Negative. In previous versions of Windows (NT core), the install would allow you to simply strike <enter> at the appropriate time, when being queried for an administrator password, and voila -> the administrative password would be blank. Windows XP manual install will ask if you are sure, while warning of the implications, and if you insist it disallows network access to the administrator account to limit WAN or LAN hacking. I was working IA at a major university when this, administrator account logins checking for
blank
or the password "password", became quite a problem. The response would often be, "I forgot to reset after the install!" I pushed a domain policy denying access to the local administrator password from the network, regardless of what the password was. Windows has instituted the same by default, thereby limiting this exploit
to
a console login, if the password hash = blank hash. It is most likely the Vendor Install Customization that has caused this issue, as true enough, most vendor installs force you to pick an administrator password before using the system. If the account is hidden, then it is definitely IBM's doing as I have never seen a Windows install where the administrator account could not be seen under the accounts tab. Thank you, Michael Wilson CISSP (Contractor) Lockheed Martin Space Operations Computer Security Specialist NAVO-MSRC mwwilson () navo hpc mil 228-688-4393 -----Original Message----- From: Chris Norton [mailto:kicktd_list () hotmail com] Sent: Friday, September 17, 2004 10:59 AM To: Michael Scheidell; bugtraq () securityfocus com; vulnwatch () vulnwatch org; full-disclosure () lists netsys com Cc: vuln () security-corporation com; security-alert () austin ibm com; cert () us ibm com Subject: Re: Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator access This "hidden" Administrator account is part of Windows XP and NOT IBM's porblem. Every Windows XP system ships and installs with the Administrator and
blank
password. This "hidden" account has been known about for some time, just like
Windows
2000 Administrator account is the same way. There are ways to disable or change the Administrator name and password or to disable the account completely. -- Chris Norton UAT Student Software Engineering Network Defense
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator access Michael Scheidell (Sep 15)
- Re: Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator access Colin . Scott (Sep 16)
- Re: Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator access Harrison Gladden (Sep 16)
- Re: Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator access Chris Norton (Sep 17)
- RE: Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator access Michael Wilson, Contractor (Sep 17)
- Re: Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator access Shawn McMahon (Sep 18)
- Re: Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator access Larry Mitchell (Sep 20)
- RE: Re: Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator access pingywon MCSE (Sep 17)
- RE: Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator access Michael Wilson, Contractor (Sep 17)
- <Possible follow-ups>
- RE: Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator access Michael Scheidell (Sep 17)
- RE: Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator access Michael Scheidell (Sep 17)
- RE: Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator access Michael Wilson, Contractor (Sep 17)
- RE: RE: Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator access Phillip R. Paradis (Sep 17)
- Re: RE: Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator access Valdis . Kletnieks (Sep 21)
- RE: RE: Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator access Phillip R. Paradis (Sep 17)
- Re: Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator access Chris Norton (Sep 18)
- RE: Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator access Michael Wilson, Contractor (Sep 17)
- RE: Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator access Michael Scheidell (Sep 18)
- RE: Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator access Michael Scheidell (Sep 18)
(Thread continues...)