Vulnerability Development mailing list archives
Re: NT 4.0 (Workstation) Logon Authentication Vulnerability
From: andrej () KTU EDU (andrej () KTU EDU)
Date: Wed, 15 Mar 2000 13:51:38 +0200
The Winnt caching username and password as well as user rights, thats mean, the workstation store user registry and user rights and basically user is being authenticated only once when he(she) login. So there are NO authentications done while user is logged on. The different thing is if user is deleted. in that case i recommend a domain admins to enable roaming profiles and don't let users to login if roaming profile fails. This really helps. Sincerely, --Andrejus Stavickis (MCP, MCP+I, MCSE, MCSD, MCDBA) KTU SC UESM Studentu 48a-203 Kaunas, 3028 LITHUANIA phone: +370 7 300633 Cellular phone: +370 87 15664 fax: +370 7 352995 ICQ: 2402709
-----Original Message----- From: jhw1970 () HOTMAIL COM [mailto:jhw1970 () HOTMAIL COM] Sent: Tuesday, March 14, 2000 3:19 PM To: VULN-DEV () SECURITYFOCUS COM Subject: NT 4.0 (Workstation) Logon Authentication Vulnerability Scenario: User logon to WinNT domain. Problem: I believe WinNT may cache user passwords. This allows a user to disconnect a terminal from the network and login to the workstation locally without being authenticated by the PDC or BDC. Vulnerability: A malicious user may disconnect a machine from the network and add/remove software without being audited by the PDC/BDC. Also, a user who has been deleted from the domain users list may still have access to a machine which he/she had used in the past.
Current thread:
- Re: NT 4.0 (Workstation) Logon Authentication Vulnerability andrej () KTU EDU (Mar 15)
- <Possible follow-ups>
- Re: NT 4.0 (Workstation) Logon Authentication Vulnerability Anthony Gurcsik (Mar 15)