Re: hacking the logon

From: jared (dresarii@hotmail.com)
Date: 06/08/02 

From: "jared" <dresarii@hotmail.com>
Date: Sat, 8 Jun 2002 12:14:50 -0700

ok, i understand what you are saying on most everything. my
problem is within windows, not the bios, i know that much.
i know this because it occurs at the login prompt/welcome
screen by ctrl-alt-deleting as you had said.

but i am still at square one as far as fixing this problem
goes.
i know exactly the following because i watched him do it.

when the welcome screen came up, and he was given a choice
of users, he hit ctrl-alt-delete, left both the username
and password fields blank at the login prompt accessible
through ctrl-alt-deleting, and by doing that he logged on
to an account with which he created new users. i assume
this 'account' has admin rights if it can create new users.

so we tweaked with winxp settings, and took the entire
welcome screen out, so that a login promt came up instead.
again, we left both the username and password fields blank,
and again we logged onto this 'account' and had access to
everything.

how do i prevent this? ive downloaded all security fixes
from windowsupdate.com, and have even searched the net for
rogue fixes, but still we are able to access this 'account'.
if my computer is the only one with this problem, does
anybody have any suggestions on how to stop this?

thanks-
jared

>-----Original Message-----
>Sorry I missed the mention of Pro in first post.
>You are saying Welcome screen, and also login prompt,
>as if they are the same, but they are different things.
>Since you have two boxes, I assume it is the login prompt,
>the same one gets if you do two alt-cntrl-del at the Welcome
>screen or if you have the Welcome screen disabled.
>
>None of my systems behave this way. I can get it so that
>I can leave the password field blank by not having a password
>on the account, but I do have to enter a username.
>
>You said,
>> 4. you are asked for your username and password before you
>> cant continue booting.
>If you did mean "before . . . booting" finishes, this is
something
>that you set in the machine's BIOS and is not part of Windows.
>If you meant after booting finishes, at the Windows login
prompt
>then it would seem something is very "modified" in your
install.
>
>--
>Roger Abell
>MVP (Windows Platform) Associate Expert
>The Expert Zone - www.microsoft.com/windowsxp/expertzone
>
>"jared" <dresarii@hotmail.com> wrote in message
>news:c78401c20efe$f3504000$19ef2ecf@tkmsftngxa01...
>> ok, i am refferring to the welcome screen or the logon
>> prompt, depending on what you have it set to. everybody who
>> has their XP account password protected is familiar with
>> this dialogue. i should _not_ have to describe what the
>> logon dialogue/welcome screen are, but i might as well
>> because it seems i am the only one who knows what this is.
>> we'll take it from step one.
>> 1. you turn on your computer.
>> 2. windows loads.
>> 3. the welcome screen or the logon prompt dialogue appear.
>> 4. you are asked for your username and password before you
>> cant continue booting.
>>
>> on the logon prompt, if you leave both the username and
>> password fields blank, it will log you on to an anonymous
>> account with all access rights. try it for yourself, i dare
>> you.
>>
>> and as i already said, i am running XP Pro.
>>
>> >-----Original Message-----
>> >Both fields of what dialog? The unlock dialog of some
>> >third-party screensaver you have loaded?
>> >This is not how XP authentication dialogs behave for me.
>> >Please clarify OS version: Home/Pro, and what dialog
>> >with two fields.
>> >
>> >--
>> >Roger Abell
>> >MVP (Windows Platform) Associate Expert
>> >The Expert Zone - www.microsoft.com/windowsxp/expertzone
>> >
>> >"jared" <dresarii@hotmail.com> wrote in message
>> >news:c85101c20ec4$4b3b94d0$3aef2ecf@TKMSFTNGXA09...
>> >> ok, heres what happens. i leave my computer alone for 15
>> >> minutes while i run some errands. i locked the
workstation
>> >> (i am running xp pro and the admin account is password
>> >> protected) so that to get on, they would have to know my
>> >> password. so my friend calls me, and says, 'i just got
>> >> onto your computer. im accessing all of your files as we
>> >> speak'. so i ask 'what? how'd you know my pass?' he says
>> >> he didnt, he said that if you leave both fields blank at
>> >> the logon dialouge, you can get on an account with full
>> >> acess rights. i was in disbeleif, so i had him show me
>> >> when i got back. it worked. he got onto an account with
>> >> all rights simply by leaving both fields blank. what is
>> >> the problem? it doesnt make sense that windows could have
>> >> such a huge security flaw. i paid all this money for
>> >> something that can be h{wO@o@ĺ acked by simply leaving both
>> >> fields blank? pffffft. this never happened with linux.
>> >
>> >
>> >.
>> >
>
>
>.
>

Relevant Pages