[41093] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Hidden accounts on sony vaio laptops

daemon@ATHENA.MIT.EDU (yash.kadakia@securityforge.com)
Mon Nov 7 21:41:57 2005

Date: 7 Nov 2005 14:08:09 -0000
Message-ID: <20051107140809.19713.qmail@securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: yash.kadakia@securityforge.com
To: bugtraq@securityfocus.com

Sony Vaio laptops require you to create a user account the first time you start your laptop. If the user you select is not "Administrator", Sony still goes ahead and creates a user "Administrator" with a blank password. 

This user does not show up in control panel under User Accounts but if you do start up in safemode the laptop allows you to login as Administrator. 

This gives an attacker an opportunity to gain administrative access to a computer and access to create add delete or modify user accounts.

This is basically a backdoor account that is hidden from the user and compromises the security of all Sony Vaio laptops.

--
Securityforge: For all your security needs (http://www.securityforge.com)
Dbtech: Get the best programmers for your buisness (http://www.dbtech.org)


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[41093] in bugtraq

Hidden accounts on sony vaio laptops

daemon@ATHENA.MIT.EDU (yash.kadakia@securityforge.com)Mon Nov 7 21:41:57 2005

daemon@ATHENA.MIT.EDU (yash.kadakia@securityforge.com)
Mon Nov 7 21:41:57 2005