Vulnerability Development mailing list archives

Re: NT 4.0 (Workstation) Logon Authentication Vulnerability

From: gurcsika () TC FAA GOV (Anthony Gurcsik)
Date: Wed, 15 Mar 2000 16:11:17 -0500


Go look at Q172931
(http://support.microsoft.com/support/kb/articles/Q172/9/31.ASP?LNG=ENG&SA=ALLKB
&FR=0), Cached Logon Information.

Tony

-----Original Message-----
From: jhw1970 () HOTMAIL COM
Sent: Tuesday, March 14, 2000 1:19 PM
To: VULN-DEV () SECURITYFOCUS COM
Subject: NT 4.0 (Workstation) Logon Authentication Vulnerability

Scenario:  User logon to WinNT domain.

Problem:  I believe WinNT may cache user passwords.  This
allows a user to disconnect a terminal from the network and
login to the workstation locally without being
authenticated by the PDC or BDC.

Vulnerability:  A malicious user may disconnect a machine
from the network and add/remove software without being
audited by the PDC/BDC.  Also, a user who has been deleted
from the domain users list may still have access to a
machine which he/she had used in the past.

Current thread:

Re: NT 4.0 (Workstation) Logon Authentication Vulnerability andrej () KTU EDU (Mar 15)
- <Possible follow-ups>
- Re: NT 4.0 (Workstation) Logon Authentication Vulnerability Anthony Gurcsik (Mar 15)