XP HOME??? I am not talking about XP home.
-----Original Message-----
From: Shawn McMahon [mailto:smcmahon@eiv.com]
Sent: Saturday, September 18, 2004 10:07 AM
To: Michael Wilson, Contractor
Cc: Chris Norton; Michael Scheidell; bugtraq@securityfocus.com;
vulnwatch@vulnwatch.org; full-disclosure@lists.netsys.com;
vuln@security-corporation.com; security-alert@austin.ibm.com;
cert@us.ibm.com
Subject: Re: Vulnerability in IBM Windows XP: default hidden
Administrator account allows local Administrator access
On Fri, Sep 17, 2004 at 03:08:34PM -0500, Michael Wilson, Contractor
said:
It is most likely the Vendor Install Customization that has caused
this
issue, as true enough, most vendor installs force you to pick an
administrator password before using the system. If the account is
hidden,
then it is definitely IBM's doing as I have never seen a Windows
install
where the administrator account could not be seen under the accounts
tab.
Averatec laptop installs of XP Home have it hidden; you have to boot in
Safe Mode to add a password.
The documentation that specifies this is a Microsoft product, so I
suspect it's the same with other installs of Home, but I have only left
the packaged install of XP Home on one machine ever, so I am not at all
sure of this.
--
Shawn McMahon | Let's set the record straight. There is no argument
EIV Consulting | over the choice between peace and war, but there is
UNIX and Linux | only one guaranteed way you can have peace - and
you
http://www.eiv.com | can have it in the next second - surrender. -
Reagan
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
