Microsoft Windows Installation ADMIN$ Share Arbitrary Access

2000-02-15T00:00:00
ID OSVDB:297
Type osvdb
Reporter Stephane Aubert(stephane.aubert@hsc.fr)
Modified 2000-02-15T00:00:00

Description

Vulnerability Description

Microsoft Windows contains a flaw that may allow a remote attacker to bypass authentication settings. The issue is triggered during the installation routine, which does not activate the Administrator password upon reboot. It is possible that the flaw may allow a remote attacker to arbitrary access the ADMIN$ share without a password, resulting in a loss of confidentiality and/or integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Microsoft Windows contains a flaw that may allow a remote attacker to bypass authentication settings. The issue is triggered during the installation routine, which does not activate the Administrator password upon reboot. It is possible that the flaw may allow a remote attacker to arbitrary access the ADMIN$ share without a password, resulting in a loss of confidentiality and/or integrity.

References:

Vendor URL: http://www.microsoft.com/ Nessus Plugin ID:10394 Mail List Post: http://cert.uni-stuttgart.de/archive/bugtraq/2000/02/msg00364.html Mail List Post: http://cert.uni-stuttgart.de/archive/bugtraq/2000/02/msg00235.html CVE-2000-0222 Bugtraq ID: 990