Vulnerability Development mailing list archives

Re: is this something?

From: Samuel festus Stover <sstover () visto com>
Date: Thu, 18 Jan 2001 04:34:27 -0800

Korhan (and others),
  The exploit isn't that the guest account can be compromised without knowing the password, but rather that you can 
actually log in as guest which shouldn't be allowed by the default telnet server config.  If you had attempted to log 
in as "guest" you would have rec'd a message saying that "Login through Guest account not allowed".  If you then try to 
log in as \\guest, you are met with a password prompt:

<snip from your post>
Microsoft (R) Windows (TM) Version 5.00 (Build 2195)
Welcome to Microsoft Telnet Service
Telnet Server Build 5.00.99201.1
login: \\guest
password:
Logon failure: unknown user name or bad password.
<end snip>



S. festus

Blame is for God and small children.
Dega/"Papillon"



___________________________________________________________________________
Visit http://www.visto.com/info, your free web-based communications center.
Visto.com. Life on the Dot.

Current thread:

Re: is this something?, (continued)
- - Re: is this something? ghandi (Jan 17)
- Re: is this something? Phil Cox (Jan 17)
  - Re: is this something? Mike Sues (Jan 18)
- Re: is this something? Morten Johansen (Jan 17)
- Re: is this something? Korhan Gurler (Jan 17)
- Re: is this something? Philip Stoev (Jan 17)
- Re: is this something? Sven Michels (Jan 17)
- Re: is this something? Steve (Jan 18)
- Re: is this something? NetW3.COM Consulting (Jan 17)
- Re: is this something? Samuel festus Stover (Jan 17)
- Re: is this something? Samuel festus Stover (Jan 18)
- Re: is this something? Roland Morales (Jan 18)