Re: [EC-SA-01.2003] Windows XP "welcome screen" exposes the names of all the members of the local administrators group
From: Andrew G. Tereschenko (secure.bugtraq@tag.odessa.ua)
Date: 03/08/03
- Previous message: Mitja Kolsek: "RE: JRun: The Easiness of Session Fixation"
- Maybe in reply to: Eitan Caspi: "[EC-SA-01.2003] Windows XP "welcome screen" exposes the names of all the members of the local administrators group"
- Next in thread: Andrew G. Tereschenko: "Re: [EC-SA-01.2003] Windows XP "welcome screen" exposes the names of all the members of the local administrators group"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Andrew G. Tereschenko" <secure.bugtraq@tag.odessa.ua> To: <bugtraq@securityfocus.com> Date: Sat, 8 Mar 2003 02:45:06 +0200
> Direct solution:
> No direct solution at this time.
>
>
> Workaround:
> Avoid using the welcome screen and use only the normal logon screen.
>
http://www.kellys-korner-xp.com/xp_wel_screen.htm
or
http://www.google.com/search?q=%2BSpecialAccounts+%2BWindows+%2BXP
Wellknown and supported way to remove/hide users from Welcome screen.
Also I would like to note that there is a flaw in your report.
Any user can retrive lists or users and shares in default configuration
for NT4 and W2K using "null sessions". XP has some changes.
This was already discussed in
http://cert.uni-stuttgart.de/archive/focus-ms/2002/03/msg00088.html
Just wanna everything will be clear,
-- Andrew G. Tereschenko TAG Software Research Lab Odessa, Ukraine
- Previous message: Mitja Kolsek: "RE: JRun: The Easiness of Session Fixation"
- Maybe in reply to: Eitan Caspi: "[EC-SA-01.2003] Windows XP "welcome screen" exposes the names of all the members of the local administrators group"
- Next in thread: Andrew G. Tereschenko: "Re: [EC-SA-01.2003] Windows XP "welcome screen" exposes the names of all the members of the local administrators group"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
