[12884] in bugtraq
Re: NT WinLogon VM contains plaintext password visible in admin
daemon@ATHENA.MIT.EDU (David LeBlanc)
Wed Dec 8 13:57:13 1999
Message-Id: <3.0.3.32.19991207111223.03f92570@mail.mindspring.com>
Date: Tue, 7 Dec 1999 11:12:23 -0800
Reply-To: David LeBlanc <dleblanc@MINDSPRING.COM>
From: David LeBlanc <dleblanc@MINDSPRING.COM>
X-To: Robert Horvick <rhorvick@GREATPLAINS.COM>,
BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <A7CB8F787221D2119ABB0008C724549601777B6E@exchange2.greatplains.com>

At 08:40 AM 12/7/99 -0600, Robert Horvick wrote:
>While this does require admin rights for this to work the implications of
>social engineering or an exploit to run after compromising the admin account
>are obvious.

If you can get to be admin, why not just install a keyboard sniffer, and
get everything that comes into the console? It is still a good idea to fix
the problem, but if I can get an admin-level user to run a trojan, or
otherwise compromise a local admin account, the number of ways to hack any
subsequent user are bounded only by one's imagination. As a friend used to
say, "the mind boggles at the possibilities" <g>.

I've got an overall problem with 'exploits' that require admin access to
run - kind of like worrying about the windows being locked when the front
door has been successfully hit with the crowbar attack. If you can get to
be admin, you can modify the OS, and from there, you can do anything to any
user.

David LeBlanc
dleblanc@mindspring.com