mailing list archives
RE: Symantec LiveUpdate
From: "Peter Miller" <pcmiller61 () yahoo com>
Date: Thu, 28 Feb 2002 14:09:07 +0200
It has been a while since I played with this so I may have my facts wrong.
1. When you install Ghost it creates the account automatically using the
format GHOST_MACHINE for the account name.
2. The password it uses for the account is the same as the account name i.e.
GHOST_MACHINE. What this means is that you do not have to have access to the
registry to know what the passord is as long as you know what the machine
3. The account does not belong to any local user group and so can't be used
to log on locally to the box. I don't know what network access privilages
you can get from this account.
It would seem that the problem is more a default installation problem rather
than having the password in plain text in the registry. If you manually
change the password on the account to a more secure password and update the
entry in the registry things should be more secure.
My feeling is that it does not matter what rights the account has on the
box, just having a known account with known password is a security risk as
it makes you more vulnerable to a rights escalation exploit.
From: saabstory () yahoo com [mailto:saabstory () yahoo com]
Sent: 27 February 2002 03:13
To: bugtraq () securityfocus com
Subject: Re: Symantec LiveUpdate
In-Reply-To: <LPBBLOPHKCDACODGKEFJIEGLDDAA.pcmiller61 () yahoo com>
You are right about the Ghost keys being stored as
clear text. What you might not realize is that the
rights to the key require Administrator privileges.
Try navigating to the key logged in as someone other
than Administrator. You can't get there.
- RE: Symantec LiveUpdate Peter Miller (Mar 01)