[NT] Blank Administrator Password on OEM Windows XP Installation

From: SecuriTeam (support_at_securiteam.com)
Date: 07/10/05

  • Next message: SecuriTeam: "[NT] Microsoft Windows NTFS Improper Handler Closing" 
    To: list@securiteam.com
Date: 10 Jul 2005 11:16:51 +0200

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
    - - promotion

    The SecuriTeam alerts list - Free, Accurate, Independent.

    Get your security news from a reliable source.
    http://www.securiteam.com/mailinglist.html

    - - - - - - - - -

      Blank Administrator Password on OEM Windows XP Installation
    ------------------------------------------------------------------------

    SUMMARY

    DELL OEM XP Processional has a default hidden administrator account, with
    no password set. Use of this account will allow anyone with physical
    access to the computer to fully control the computer, add spyware,
    keystroke loggers, password stealing software and read all files,
    including temp files, local files, documents, and any email that has been
    stored locally.

    DETAILS

    Vulnerable Systems:
     * DELL Laptops with pre installed Microsoft Windows XP Professional SP2

    Immune Systems:
     * DELL Laptops with Retail Microsoft Windows XP professional, RTM, SP1
    and SP2

    A retail setup implementation of Microsoft Windows XP Professional
    Edition, "Out-of-Box Experience" (OOBE), requires that the installer be
    given the option to add an Administrator account. During the installation,
    the XP Installer states : "You must provide a name and an Administrator
    password for your computer. Setup creates a user account called
    Administrator. You use this account when you need full access to your
    computer." While setup will not require that a password actually be
    entered, it does stress that one SHOULD be entered. Additionally, the user
    is prompted to create a regular user account for general use.

    In contrast, the DELL setup implementation of Microsoft Windows XP
    Professional Edition does not include such steps. The existence of an
    administrator account is never mentioned. Instead, the setup asks: "Who
    will use this computer? Type the name of each person who will use this
    computer. Windows will create a separate user account for each person so
    you can personalize the way you want Windows to organize and display
    information, protect your files and computer settings, and customize the
    desktop. These names will appear on the Welcome screen in alphabetical
    order. When you start Windows, simply click your name on the Welcome
    screen to begin. If you want to set passwords and limit permissions for
    each user, or add more user accounts after you finish setting up Windows,
    just click CONTROL PANEL in the START menu, and then click USER ACCOUNTS."
    By default, none of the accounts added in this step have passwords. Nor is
    their an option to set passwords during the install. While this is not
    unique to the IBM install, it is a known weakness in the Windows XP OOBE,
    including retail and OEM versions. Because the Administrator account was
    never requested, this leaves the system in a very vulnerable state.

    CVE Information:
     <http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0504>
    CAN-1999-0504

    ADDITIONAL INFORMATION

    The information has been provided by <mailto:scheidell@secnap.net>
    Michael Scheidell.

    ========================================

    This bulletin is sent to members of the SecuriTeam mailing list.
    To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
    In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

    ====================
    ====================

    DISCLAIMER:
    The information in this bulletin is provided "AS IS" without warranty of any kind.
    In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

  • Next message: SecuriTeam: "[NT] Microsoft Windows NTFS Improper Handler Closing"

    Relevant Pages

    • Re: Cannot connect to the Internet
      ... My Windows 2000 pro PC is connected to the internet (Local Area ... Connection 2 Status icon shows "Connected" with a speed of 10.0 ... Posted via a free Usenet account from http://www.teranews.com ... user account which is interfering with the PC. ...
      (microsoft.public.mac.virtualpc)
    • Re: Windows Passwords
      ... "Windows Vista for Dummies" manual. ... I started by creating a test user account. ... The reason I say this is that, when I turned the Guest ...
      (microsoft.public.windows.vista.general)
    • Re: How do I boot to my Desktop instead of the Windows XP login screen
      ... just now finished a complete reinstall of XP and all programs. ... Windows threw me a blank sign on during the next restart and there was no ... I'll NEVER AGAIN delete an account in a dialog window!!! ... enter the password for the user account you selected ...
      (microsoft.public.windowsxp.basics)
    • Re: System hangs on start-up. ???
      ... system scan while logged in under the new administrator account. ... MS-MVP Windows Shell/User ... > adminstrator and added another user account. ... >> How to Remove Welchia worm ...
      (microsoft.public.windowsxp.general)
    • Re: Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator
      ... This is common in most Pre-Installed Windows System. ... > Administrator account allows local Administrator ... IBM Systems with preinstalled Microsoft ...
      (Bugtraq)