Bugtraq: Re: Hidden accounts on sony vaio laptops

Bugtraq mailing list archives

Re: Hidden accounts on sony vaio laptops

From: "Williams, James K" <James.Williams () ca com>
Date: Tue, 8 Nov 2005 13:49:33 -0500


Not a Sony issue.  This setup has been documented by MS 
since the release of Windows XP in 2001.

"Q: How can I add an Administrator password to make my 
computer more secure?

A: Another way to make your computer more secure is to 
assign a password to the Administrator account, which is 
blank by default. An Administrator account is a user account 
that has full permissions and control over a computer, can 
gain access to and modify all user accounts on a computer, 
and can only be accessed from safe mode."

http://www.microsoft.com/windowsxp/using/setup/getstarted/installqa.mspx

Regards,

Ken Williams ; Dir. Vuln Research 
Computer Associates ; 0xE2941985

List:       bugtraq
Subject:    Hidden accounts on sony vaio laptops
From:       yash.kadakia () securityforge ! com
Date:       2005-11-07 14:08:09

Sony Vaio laptops require you to create a user account the
first time you start your laptop. If the user you select 
is not "Administrator", Sony still goes ahead and creates 
a user "Administrator" with a blank password. 

This user does not show up in control panel under User 
Accounts but if you do start up in safemode the laptop 
allows you to login as Administrator. 

This gives an attacker an opportunity to gain 
administrative access to a computer and access to create 
add delete or modify user accounts.

This is basically a backdoor account that is hidden from 
the user and compromises the security of all Sony Vaio 
laptops.

By Date By Thread

Current thread:

Hidden accounts on sony vaio laptops yash . kadakia (Nov 08)
- <Possible follow-ups>
- Re: Hidden accounts on sony vaio laptops Williams, James K (Nov 08)