[41102] in bugtraq
Re: Hidden accounts on sony vaio laptops
daemon@ATHENA.MIT.EDU (Williams, James K)
Tue Nov 8 13:59:31 2005
Date: Tue, 8 Nov 2005 13:49:33 -0500
Message-ID: <D7DDF83751235046BFAC82E1244EB4C8090EED90@usilms23.ca.com>
From: "Williams, James K" <James.Williams@ca.com>
To: <bugtraq@securityfocus.com>

Not a Sony issue. This setup has been documented by MS
since the release of Windows XP in 2001.

"Q: How can I add an Administrator password to make my
computer more secure?

A: Another way to make your computer more secure is to
assign a password to the Administrator account, which is
blank by default. An Administrator account is a user account
that has full permissions and control over a computer, can
gain access to and modify all user accounts on a computer,
and can only be accessed from safe mode."

http://www.microsoft.com/windowsxp/using/setup/getstarted/installqa.mspx

Regards,
Ken Williams ; Dir. Vuln Research
Computer Associates ; 0xE2941985

> List: bugtraq
> Subject: Hidden accounts on sony vaio laptops
> From: yash.kadakia () securityforge ! com
> Date: 2005-11-07 14:08:09
>
> Sony Vaio laptops require you to create a user account the
> first time you start your laptop. If the user you select
> is not "Administrator", Sony still goes ahead and creates
> a user "Administrator" with a blank password.
>
> This user does not show up in control panel under User
> Accounts, but if you do start up in safe mode the laptop
> allows you to log in as Administrator.
>
> This gives an attacker an opportunity to gain
> administrative access to a computer and access to create,
> add, delete or modify user accounts.
>
> This is basically a backdoor account that is hidden from
> the user and compromises the security of all Sony Vaio
> laptops.