mailing list archives
Re: name of built-in administrator
From: dleblanc () MINDSPRING COM (David LeBlanc)
Date: Tue, 28 Apr 1998 23:32:26 -0400
At 10:34 AM 4/28/98 -0500, Dominique Brezinski wrote:
This is a known issue that has been reported to MS already. The two well
known commercial vulnerability scanners use this technique to determine the
administrator account name. At least one of them also tries to list all the
user names through this method.
Just a note about who gets credit for this one - Dominique and I worked on
this together at the first part of the year. We'd both batted some theory
around, and I wrote the first code to accomplish this - he then took it and
improved on it significantly. I certainly have to share the credit with
him as it was definately a joint effort.
To the best of my knowledge, no one else (outside MS) knew about this when
we worked it out.
dleblanc () mindspring com