Re: [EC-SA-01.2003] Windows XP "welcome screen" exposes the names of all the members of the local administrators group

From: Andrew G. Tereschenko (secure.bugtraq@tag.odessa.ua)
Date: 03/08/03

  • Next message: EnGarde Secure Linux: "[ESA-20030307-008] 'file' ELF parsing routine buffer overflow vulnerability."
    From: "Andrew G. Tereschenko" <secure.bugtraq@tag.odessa.ua>
    To: <bugtraq@securityfocus.com>
    Date: Sat, 8 Mar 2003 02:45:06 +0200
    
    

    > Direct solution:
    > No direct solution at this time.
    >
    >
    > Workaround:
    > Avoid using the welcome screen and use only the normal logon screen.
    >

    http://www.kellys-korner-xp.com/xp_wel_screen.htm
    or
    http://www.google.com/search?q=%2BSpecialAccounts+%2BWindows+%2BXP

    Wellknown and supported way to remove/hide users from Welcome screen.

    Also I would like to note that there is a flaw in your report.
    Any user can retrive lists or users and shares in default configuration
    for NT4 and W2K using "null sessions". XP has some changes.
    This was already discussed in
    http://cert.uni-stuttgart.de/archive/focus-ms/2002/03/msg00088.html

    Just wanna everything will be clear,

    --
    Andrew G. Tereschenko
    TAG Software Research Lab
    Odessa, Ukraine
    

  • Next message: EnGarde Secure Linux: "[ESA-20030307-008] 'file' ELF parsing routine buffer overflow vulnerability."