IBM OEM Windows XP Home Default Hidden Administrator Account

2004-09-15T00:00:00
ID OSVDB:10050
Type osvdb
Reporter Jason Lash
Modified 2004-09-15T00:00:00

Description

Vulnerability Description

The OEM version of Windows XP Home from IBM contains a flaw that may allow a malicious user to arbitrarily manipulate a system. The problem is that the product contains a default hidden administrator account with a blank password. It is possible that the flaw may allow arbitrary system manipulation resulting in a loss of integrity.

Technical Description

You must have physical access to the system, since a blank password on an account prevents remote logins.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: In Control Panel, go to Administrative Tools. Open Computer Management. Go to System Tools -> Local Users and Groups -> Users. Set a password for the administrator account.

References:

Vendor URL: http://www.ibm.com/us/
Security Tracker: 1011344
Nessus Plugin ID: 10394
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-09/0170.html
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0607.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-09/0203.html
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0623.html
Mail List Post: http://archives.neohapsis.com/archives/vulndiscuss/2004-q3/0019.html
ISS X-Force ID: 17412
CVE-1999-0504
CVE-2005-3595
Bugtraq ID: 11199