Vulnerability in DELL Windows XP Professional - default hidden Administrator account

Discussion in 'other security issues & news' started by diginsight, Jun 27, 2005.

Thread Status:
Not open for further replies.
  1. diginsight

    diginsight Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    225
    Location:
    Netherlands
    "DELL OEM XP Processional has a default hidden administrator account. Use of this account will allow anyone with physical access to the computer to fully control the computer, add spyware, keystroke loggers, password stealing software and read all files, including temp files, local files, documents, and any email that has been stored locally.
    DELL does not inform the installer of this account, nor give them the option of putting a password on this account. If a savvy installer finds the function to change the password for the Administrator account, they are warned that they could lose data. Security best practices REQUIRE a password on all administrative (and root) accounts.

    Full report
     
  2. squash

    squash Registered Member

    Joined:
    Mar 25, 2005
    Posts:
    313
    Re: Vulnerability in DELL Windows XP Professional - default hidden Administrator acco

    This doesn't apply to just Dell OEM XP... but applies to all Windows XP operated computers in general.

    You have to boot into safe mode and change the hidden Administrator account to be protected. I believe this to be a critical flaw in the defaults of the Windows XP operating system, since I can go to any computer that does nto have an admin protected computer and wipe the files off or install trojans (Not implying that I will/do).

    This is good for those not technically indept in computers to know. :)
     
Loading...
Thread Status:
Not open for further replies.