Weird WinME Login Bug

From: Blyke (blyke@webmasterclub.de)
Date: 08/01/02


From: Blyke <blyke@webmasterclub.de>
To: vuln-dev@securityfocus.com
Date: Thu, 1 Aug 2002 22:47:19 +0200

Hi there,
I just found a bug in Windows ME. Please check if it works for you, too, or
if it's just a local problem with my setup. I'm sorry if someone already sent
this bug to the mailing list, but I couldn't find such a thread.

 Regards,

     blyke

 Risk: Little?
 Weirdness factor: High

 This bug enables you to log in to someone else's profile without knowing
 that person's password. This is no real security risk, as you can access
 anyone's files anyway.

 How it works:
 Your WinME box must be configured so that it starts with the Microsoft Network
 login. After one failed login try, the normal login screen appears.
 (That's the default setup when using the Microsoft Network Login.)

 1. Start your computer
 2. When the login appears, enter the user's ID and some other password
 3. Now log in with your own combination
 => The desktop you will see is not yours, but the desktop of the first
 username you entered.

 Explanation:
 I can't really explain this phenomenon, but the most likely explanation is
 that the login functions of Windows save the username of the first login
 attempt in one variable, and then just check if the combination of "username"
 and "password" is right, but don't check if the new username entered is
 the same as the one entered in the family login. If the combination works,
 the profile that is started, though, is the one of the username saved
 before.
 Please inform me if you find out anything else about that bug, or if some
 of the things I mentioned here prove to be wrong.
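
A small model of the behaviour hypothesised in the post above, next to a version that binds the loaded profile to the identity that was just authenticated. This is an added illustration, not part of the original message and not Windows code; the class names, account names and passwords are constructed for the example.

```python
import hmac

# Constructed sample accounts (made up for this example).
USERS = {"alice": "alice-pw", "bob": "bob-pw"}


def credentials_ok(username, password):
    """True only if the account exists and the password matches."""
    expected = USERS.get(username)
    if expected is None:
        return False
    return hmac.compare_digest(expected.encode(), password.encode())


class FlawedLogon:
    """Models the post's hypothesis: the profile name is captured once,
    on the first attempt, and never refreshed on later attempts."""

    def __init__(self):
        self.profile_user = None

    def attempt(self, username, password):
        if self.profile_user is None:
            self.profile_user = username  # stale after a failed first try
        if not credentials_ok(username, password):
            return None
        return self.profile_user  # flaw: may differ from `username`


class BoundLogon:
    """Profile selection uses only the name that passed authentication."""

    def attempt(self, username, password):
        if not credentials_ok(username, password):
            return None
        return username


def replay(logon, attempts):
    """Feed (username, password) pairs in order.
    Returns (authenticated_user, loaded_profile), or (None, None)."""
    for username, password in attempts:
        profile = logon.attempt(username, password)
        if profile is not None:
            return username, profile
    return None, None


# The sequence from the post: a failed try, then one's own valid login.
STEPS = [("alice", "wrong-guess"), ("bob", "bob-pw")]
```

A mismatch between the two values returned by `replay` is the condition a logon audit check would flag: the session's profile owner must equal the authenticated user.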


