Home page logo

bugtraq logo Bugtraq mailing list archives

Re: name of built-in administrator
From: dleblanc () MINDSPRING COM (David LeBlanc)
Date: Tue, 28 Apr 1998 23:32:26 -0400

At 10:34 AM 4/28/98 -0500, Dominique Brezinski wrote:
This is a known issue that has been reported to MS already. The two well
known commercial vulnerability scanners use this technique to determine the
administrator account name. At least one of them also tries to list all the
user names through this method.

Just a note about who gets credit for this one - Dominique and I worked on
this together at the first part of the year.  We'd both batted some theory
around, and I wrote the first code to accomplish this - he then took it and
improved on it significantly.  I certainly have to share the credit with
him as it was definately a joint effort.

To the best of my knowledge, no one else (outside MS) knew about this when
we worked it out.

David LeBlanc
dleblanc () mindspring com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]