security hole in winXP

Discussion in 'Computer Security' started by flamer, Jul 10, 2006.

  1. flamer

    flamer Guest

    Hi,

    discovered this yesterday:

    Xp installs an admin account by default on all systems, this account is
    not visible in user accounts unless logged on as admin or nor is it
    visible at the login screen..

    pressing ctrl + alt + del twice at the login screen on an xp box brings
    up an nt style login screen, you can login as administrator (and
    windows of course by default has no password on that account).. so you
    can get full access to a system..

    well this worked because, me personally had assumed that the account i
    was using called something different was just the original admin
    account, renamed to something else.. there was no way of knowing there
    was an administrator account on there, because i never logged on as..

    or maybe everyone already knew about this..

    Flamer.
     
    flamer, Jul 10, 2006
    #1
    1. Advertising

  2. flamer wrote:
    > Hi,
    >
    > discovered this yesterday:
    >
    > Xp installs an admin account by default on all systems, this account is
    > not visible in user accounts unless logged on as admin or nor is it
    > visible at the login screen..


    But you can make it show up as documented.

    > pressing ctrl + alt + del twice at the login screen on an xp box brings
    > up an nt style login screen, you can login as administrator (and
    > windows of course by default has no password on that account).. so you
    > can get full access to a system..


    Nope, this doesn't work that easy. And you know why?
    On WinXP Pro and Win2K, you had to set up an admin password at install
    time. On WinXP Home, the admin account is disabled for normal logon.

    However, in the latter case you can reset the machine and boot up in
    safe mode. This is not directly a security hole, but just another
    problem with a lame default configuration.

    Just another such security hole: On first startup of IE, it browses to
    MSN website with no HTTPS at all. Now any fool could buy some adspace on
    MSN and smuggle in his code, allowing to freely run code of his choice
    on your machine.

    > well this worked because, me personally had assumed that the account i
    > was using called something different was just the original admin
    > account, renamed to something else..


    assume = ass + u + me

    Or was your assumption actually based upon some facts?

    > there was no way of knowing there
    > was an administrator account on there, because i never logged on as..


    Oh, there was, definitely. F.e. looking at the handbook, the online
    help, documentation at microsoft.com or just a little glimpse at the
    useraccount management applet (either Control Panel or MMC), not to talk
    about SIDs, user profiles, ...

    > or maybe everyone already knew about this..


    Indeed.
     
    Sebastian Gottschalk, Jul 10, 2006
    #2
    1. Advertising

  3. flamer

    flamer Guest

    Sebastian Gottschalk wrote:

    > flamer wrote:
    > > Hi,
    > >
    > > discovered this yesterday:
    > >
    > > Xp installs an admin account by default on all systems, this account is
    > > not visible in user accounts unless logged on as admin or nor is it
    > > visible at the login screen..

    >
    > But you can make it show up as documented.
    >
    > > pressing ctrl + alt + del twice at the login screen on an xp box brings
    > > up an nt style login screen, you can login as administrator (and
    > > windows of course by default has no password on that account).. so you
    > > can get full access to a system..

    >
    > Nope, this doesn't work that easy. And you know why?
    > On WinXP Pro and Win2K, you had to set up an admin password at install
    > time. On WinXP Home, the admin account is disabled for normal logon.
    >
    > However, in the latter case you can reset the machine and boot up in
    > safe mode. This is not directly a security hole, but just another
    > problem with a lame default configuration.
    >
    > Just another such security hole: On first startup of IE, it browses to
    > MSN website with no HTTPS at all. Now any fool could buy some adspace on
    > MSN and smuggle in his code, allowing to freely run code of his choice
    > on your machine.
    >
    > > well this worked because, me personally had assumed that the account i
    > > was using called something different was just the original admin
    > > account, renamed to something else..

    >
    > assume = ass + u + me
    >
    > Or was your assumption actually based upon some facts?
    >


    Assumption was based on the fact that there has to be one admin account
    on the pc, my account was admin, and no other accounts showed.

    > > there was no way of knowing there
    > > was an administrator account on there, because i never logged on as..

    >
    > Oh, there was, definitely. F.e. looking at the handbook, the online
    > help, documentation at microsoft.com or just a little glimpse at the
    > useraccount management applet (either Control Panel or MMC), not to talk
    > about SIDs, user profiles, ...
    >
    > > or maybe everyone already knew about this..

    >
    > Indeed.


    Well like i say maybe people already knew about this, but regardless of
    what technet has to document about it; my system had a hidden/active
    administrator account with no password set.
    ou voir

    Flamer.
     
    flamer, Jul 10, 2006
    #3
  4. flamer wrote:

    > Assumption was based on the fact that there has to be one admin account
    > on the pc, my account was admin, and no other accounts showed.


    On a list that is documented to be filtered by default...

    > Well like i say maybe people already knew about this, but regardless of
    > what technet has to document about it; my system had a hidden/active
    > administrator account with no password set.


    It is not hidden, except on the "Welcome site" logon page, as documented.
     
    Sebastian Gottschalk, Jul 10, 2006
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Z
    Replies:
    1
    Views:
    454
    Splibbilla
    Jul 23, 2005
  2. AM

    Is it a security hole?

    AM, Jan 5, 2005, in forum: Cisco
    Replies:
    5
    Views:
    494
  3. Alex Vinokur
    Replies:
    23
    Views:
    956
    Kenneth E. Spress
    Jul 15, 2003
  4. Dr. Harvie Wahl-Banghor

    G-mail Security Hole

    Dr. Harvie Wahl-Banghor, Nov 1, 2004, in forum: Computer Support
    Replies:
    7
    Views:
    441
    G. Morgan
    Nov 2, 2004
  5. mchiper
    Replies:
    0
    Views:
    418
    mchiper
    Sep 12, 2003
Loading...

Share This Page