Bypass WinXP logon passwords by using a Win2k CD?

Martin

Lifer
http://www.briansbuzz.com/w/030213/
Reader Tony DeMartino alerted me to the problem, which all administrators of Windows XP machines should immediately take to heart: Anyone with a Windows 2000 CD can boot up a Windows XP box and start the Windows 2000 Recovery Console, a troubleshooting program.
Windows XP then allows the visitor to operate as Administrator without a password, even if the Administrator account has a strong password.
The visitor can also operate in any of the other user accounts that may be present on the XP machine, even if those accounts have passwords.
Unbelievably, the visitor can copy files from the hard disk to a floppy disk or other removable media - something even an Administrator is normally prevented from doing when using the Recovery Console.

This problem is unrelated to a feature of XP that allows an Administrator to set up automatic logon when the Recovery Console is used. Even without the Registry entry that enables this, XP is vulnerable. (For info on that feature, see support.microsoft.com/?scid=kb;en-us;312149.)

Anybody wanna try it out and see if this actually works?
 
I think this was posted in Operating Systems, where the following two points were made:

1) This is a problem on *nix systems too.
2) Physical access to a machine is always bad where security is concerned.
 
Originally posted by: KingNothing
I think this was posted in Operating Systems, where the following two points were made:

1) This is a problem on *nix systems too.
2) Physical access to a machine is always bad where security is concerned.

True. Kind of makes it a non-issue. Technical question: If you set the BIOS to boot only from the C: drive, and lock the BIOS with a password, does this defeat the "exploit"?
 
Originally posted by: Astaroth33
Originally posted by: KingNothing
I think this was posted in Operating Systems, where the following two points were made:

1) This is a problem on *nix systems too.
2) Physical access to a machine is always bad where security is concerned.

True. Kind of makes it a non-issue. Technical question: If you set the BIOS to boot only from the C: drive, and lock the BIOS with a password, does this defeat the "exploit"?

Not if you have a screwdriver. Just reset CMOS jumper.
 
Well....first off, if you're REALLY concerned about security, why the hell would you ever run Microsoft?

Of course, most of the systems I run are Windows 2000....but we're consolidating most of our main enterprise systems to Netware 6. You can't beat 128 bit encryption... It just sucks because security is sooo weak when you're talking about protocols like pop, imap, ftp, and non-secured webdav. I can't wait until the standards change and the industry starts making more ssl-aware sub processors... Broadcom sells an accelerator, but I'm not sure how well that puppy works.
 
Originally posted by: Metalloid15
Originally posted by: Astaroth33
Originally posted by: KingNothing
I think this was posted in Operating Systems, where the following two points were made:

1) This is a problem on *nix systems too.
2) Physical access to a machine is always bad where security is concerned.

True. Kind of makes it a non-issue. Technical question: If you set the BIOS to boot only from the C: drive, and lock the BIOS with a password, does this defeat the "exploit"?

Not if you have a screwdriver. Just reset CMOS jumper.

Heh.. good point, that. If you're that paranoid, I suppose you could get a case designed to resist physical intrusion.
 
Originally posted by: Astaroth33
Originally posted by: Metalloid15
Originally posted by: Astaroth33
Originally posted by: KingNothing
I think this was posted in Operating Systems, where the following two points were made:

1) This is a problem on *nix systems too.
2) Physical access to a machine is always bad where security is concerned.

True. Kind of makes it a non-issue. Technical question: If you set the BIOS to boot only from the C: drive, and lock the BIOS with a password, does this defeat the "exploit"?

Not if you have a screwdriver. Just reset CMOS jumper.

Heh.. good point, that. If you're that paranoid, I suppose you could get a case designed to resist physical intrusion.

Or if you are really really paranoid, you could stand there with a big wooden stick and thwap anybody that does something you don't approve of.
 
Originally posted by: Metalloid15
Originally posted by: Astaroth33
Originally posted by: Metalloid15
Originally posted by: Astaroth33
Originally posted by: KingNothing
I think this was posted in Operating Systems, where the following two points were made:

1) This is a problem on *nix systems too.
2) Physical access to a machine is always bad where security is concerned.

True. Kind of makes it a non-issue. Technical question: If you set the BIOS to boot only from the C: drive, and lock the BIOS with a password, does this defeat the "exploit"?

Not if you have a screwdriver. Just reset CMOS jumper.

Heh.. good point, that. If you're that paranoid, I suppose you could get a case designed to resist physical intrusion.

Or if you are really really paranoid, you could stand there with a big wooden stick and thwap anybody that does something you don't approve of.

That's what I do. Works like a charm, and config is a snap.
 
This story is pretty silly. No matter the OS, if you have physical access to the machine, you can root it. It is mildly amusing that a win2k cd can be used to break into xp.
 
Originally posted by: KingNothing
2) Physical access to a machine is always bad where security is concerned.

physical security is an important but separate issue

any "hack" that requires physical access is a physical security issue, not a network/computer security issue, IMO
 