Full Disclosure mailing list archives
RE: RE: Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator access
From: "Phillip R. Paradis" <prp17 () adelphia net>
Date: Fri, 17 Sep 2004 23:45:24 -0400
> 2) if you knew about it, and wanted to change it, they told you that you would lose data if you did!
Amazingly enough, they are telling the truth. Security-related information for that account, such as personal certificates, saved passwords, etc., is deleted if the password is reset. Because this includes the user's EFS certificate, any files the user has encrypted with EFS are no longer recoverable unless someone either backed up the certificate or created and saved a recovery certificate.

I would presume that since the account is "hidden", it has not been used, and no such data exists. Of course, one could merely log on with the (passwordless) Administrator account and use the Change Password command to add one; this does not cause the loss of whatever security data may be stored in that account's profile.

One could also simply disable the account rather than resetting its password. (This can be done from lusrmgr.msc, or via a group policy.)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
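
An added example, not part of the original post: a check for the state of the built-in Administrator account, with a dry run of disabling it, the option the post suggests instead of a reset. It assumes a current Windows release with the Microsoft.PowerShell.LocalAccounts cmdlets (these do not exist on Windows XP, where lusrmgr.msc or group policy applies) and an elevated prompt.

```powershell
# Added example: audit the built-in Administrator account and disable it
# without resetting its password.
# Assumption: Windows PowerShell 5.1+ with Microsoft.PowerShell.LocalAccounts.

# The built-in Administrator has a SID ending in -500, even if it was renamed.
$admin = Get-LocalUser | Where-Object { $_.SID.Value -match '-500$' }

if (-not $admin) {
    Write-Warning 'No local account with RID 500 was found.'
    return
}

# Report the properties relevant to the thread: whether the account is usable
# and whether it has ever had a password set.
[pscustomobject]@{
    Name             = $admin.Name
    Enabled          = $admin.Enabled
    PasswordRequired = $admin.PasswordRequired
    PasswordLastSet  = $admin.PasswordLastSet   # typically empty if never set
} | Format-List

if ($admin.Enabled) {
    # Dry run: shows what would be disabled. Remove -WhatIf to apply.
    Disable-LocalUser -SID $admin.SID -WhatIf
}
```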
