How does LogonUser API work to prevent impersonating users?
From: Brian E (brian_anon_at_hotmail.com)
Date: 11 Aug 2004 05:07:44 -0700

I am trying to understand how the LogonUser API works.

I would like to utilize the credentials of the currently logged on
user as the basis for authenticating access to a client-server
application. Currently, the application only forwards the user name
of the currently logged on user.

Since we use a standard naming convention for usernames I can easily
impersonate another user. I could install a standalone system and
create a local user account that matches the username of the
application administrator. When I start the client it forwards the
Windows username of the currently logged on user to the application.
Access is then granted.

Obviously I do not know the Windows password for the application
administrator but have been able to get access.

How does LogonUser API work to prevent this situation (i.e. creating a
similar account on another machine)?
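
Added example, not part of the original post: a simplified Python model contrasting a server that trusts the forwarded username with one that requires proof of the secret held in the server-side account database. The account name, passwords, salt and the HMAC challenge-response scheme are constructed for illustration; this is not the Windows logon protocol or the LogonUser API.

```python
import hashlib
import hmac
import secrets

SALT = b"constructed-demo-salt"  # constructed value, for this model only

def derive_key(password: str) -> bytes:
    """Derive the shared secret from a password (model of a stored verifier)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

# Constructed account database held by the server or its trusted authority.
ACCOUNTS = {"appadmin": derive_key("real-admin-password")}

def vulnerable_login(claimed_username: str) -> bool:
    """Design described in the post: the forwarded name alone grants access."""
    return claimed_username.lower() in ACCOUNTS

class Server:
    """Requires proof of the account secret, not just a matching name."""

    def __init__(self):
        self._pending = {}  # username -> outstanding one-time challenge

    def begin(self, username: str) -> bytes:
        nonce = secrets.token_bytes(16)
        self._pending[username.lower()] = nonce
        return nonce

    def finish(self, username: str, response: bytes) -> bool:
        nonce = self._pending.pop(username.lower(), None)  # single use
        key = ACCOUNTS.get(username.lower())
        if nonce is None or key is None:
            return False
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

def client_response(password: str, nonce: bytes) -> bytes:
    """Client proves knowledge of the password without sending it."""
    return hmac.new(derive_key(password), nonce, hashlib.sha256).digest()

def attempt(server: Server, username: str, password: str) -> bool:
    nonce = server.begin(username)
    return server.finish(username, client_response(password, nonce))

if __name__ == "__main__":
    srv = Server()
    print("name only:", vulnerable_login("appadmin"))
    print("real password:", attempt(srv, "appadmin", "real-admin-password"))
    print("same name, other machine:", attempt(srv, "appadmin", "local-password"))
```

In the model, a same-named account created on a standalone machine fails because its password does not match the secret the server's own account database holds for that name.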