Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Hidden accounts on sony vaio laptops
From: "Williams, James K" <James.Williams () ca com>
Date: Tue, 8 Nov 2005 13:49:33 -0500


Not a Sony issue.  This setup has been documented by MS 
since the release of Windows XP in 2001.

"Q: How can I add an Administrator password to make my 
computer more secure?

A: Another way to make your computer more secure is to 
assign a password to the Administrator account, which is 
blank by default. An Administrator account is a user account 
that has full permissions and control over a computer, can 
gain access to and modify all user accounts on a computer, 
and can only be accessed from safe mode."

http://www.microsoft.com/windowsxp/using/setup/getstarted/installqa.mspx

Regards,

Ken Williams ; Dir. Vuln Research 
Computer Associates ; 0xE2941985

List:       bugtraq
Subject:    Hidden accounts on sony vaio laptops
From:       yash.kadakia () securityforge ! com
Date:       2005-11-07 14:08:09

Sony Vaio laptops require you to create a user account the
first time you start your laptop. If the user you select 
is not "Administrator", Sony still goes ahead and creates 
a user "Administrator" with a blank password. 

This user does not show up in control panel under User 
Accounts but if you do start up in safemode the laptop 
allows you to login as Administrator. 

This gives an attacker an opportunity to gain 
administrative access to a computer and access to create 
add delete or modify user accounts.

This is basically a backdoor account that is hidden from 
the user and compromises the security of all Sony Vaio 
laptops.
                                                           


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]