mailing list archives
Re: Hidden accounts on sony vaio laptops
From: "Williams, James K" <James.Williams () ca com>
Date: Tue, 8 Nov 2005 13:49:33 -0500
Not a Sony issue. This setup has been documented by MS
since the release of Windows XP in 2001.
"Q: How can I add an Administrator password to make my
computer more secure?
A: Another way to make your computer more secure is to
assign a password to the Administrator account, which is
blank by default. An Administrator account is a user account
that has full permissions and control over a computer, can
gain access to and modify all user accounts on a computer,
and can only be accessed from safe mode."
Ken Williams ; Dir. Vuln Research
Computer Associates ; 0xE2941985
Subject: Hidden accounts on sony vaio laptops
From: yash.kadakia () securityforge ! com
Date: 2005-11-07 14:08:09
Sony Vaio laptops require you to create a user account the
first time you start your laptop. If the user you select
is not "Administrator", Sony still goes ahead and creates
a user "Administrator" with a blank password.
This user does not show up in control panel under User
Accounts but if you do start up in safemode the laptop
allows you to login as Administrator.
This gives an attacker an opportunity to gain
administrative access to a computer and access to create
add delete or modify user accounts.
This is basically a backdoor account that is hidden from
the user and compromises the security of all Sony Vaio