Serious security problem for domain!!

F

fimchick

OSNN Senior Addict
Joined
14 Mar 2004
Messages
276
please help! i just found this today, by accident -- I was adding a pc to the domain and when prompted for the username/password i left both fields blank and pressed enter...and it worked. i just tested a blank username and password on our vpn and it worked as well!!!

how is this possible??? is there somewhere I can look to see what it is and turn this damn hole off?

thank you!!!!!!!!!!!
 
Addendum -- after i connected with blank username/password, the Routing and Remote Access connection status showed my username (i'm domain admin) listed as one of the connected clients. As soon as i disconnect, it's gone...

what the???
 
Time to audit all the users in your admin groups. :)

I was just going over the way to add a comp to a domain... it's done within the PC I believe....

MSKB

4. Under Member of, type [your domain] for the Domain, and then click OK.

5.
The Domain Username and Password dialog box appears. You must supply an account that has privileges to join the domain.

I didn't know you could, but VPN can be configured to use blank username, password.

Example
 
Last edited:
Thanks for the reply. I figured it out a minute ago. I never thought about it, but the local admin password on all our machines is the same as the Administrator password on the domain. SOoooo, when I would hit enter, it would simply pass the same credentials over: username: administrator password: xxxxx and it would go through! wow, pretty scary for a few mins.... =]
 
fimchick said:
Thanks for the reply. I figured it out a minute ago. I never thought about it, but the local admin password on all our machines is the same as the Administrator password on the domain. SOoooo, when I would hit enter, it would simply pass the same credentials over: username: administrator password: xxxxx and it would go through! wow, pretty scary for a few mins.... =]
Click to expand...


Change the Domain password - more secure policy.

Why? I can hack a local admin password with 1 reboot. If I get lucky, one day I'll try that pass on the domain. ;) I don't hack, but I do know what a couple of right clicks AS a domain admin can do. :eek:
 
fimchick said:
Thanks for the reply. I figured it out a minute ago. I never thought about it, but the local admin password on all our machines is the same as the Administrator password on the domain. SOoooo, when I would hit enter, it would simply pass the same credentials over: username: administrator password: xxxxx and it would go through! wow, pretty scary for a few mins.... =]
Click to expand...
That's scary for more than a few minutes, but glad you discovered it.

My personal preference, disable the "administrator" account on the domain level. I prefer to enforce usernames 110% so it's easier to track through logging. I'd rather see someone named "john_doe" access a resource than "administrator", because that could be anyone with the credentials.

That, plus if the account gets out, all hell breaks loose :eek:
 
You must log in or register to reply here.

Members online

No members online now.
Total: 400 (members: 0, guests: 400)

Affiliates

lunarsoft.net techzonez.com

- Contact us to trade links -

OSNN OSNN NTFS XP-erience

Latest profile posts

Steevo
Steevo
Also Hi EP and people. I found this place again while looking through a oooollllllldddd backup. I have filled over 10TB and was looking at my collection of antiques. Any bids on the 500Mhz Win 95 fix?
•••
Steevo
Steevo
Any of the SP crew still out there?
•••
Xie
Xie wrote on Electronic Punk's profile.
Impressed you have kept this alive this long EP! So many sites have come and gone. :(

Just did some crude math and I apparently joined almost 18yrs ago, how is that possible???
•••
N
Nismo83
hello peeps... is been some time since i last came here.
•••
Electronic Punk
Electronic Punk wrote on Sazar's profile.
Rest in peace my friend, been trying to find you and finally did in the worst way imaginable.
•••

Forum statistics

Threads
62,015
Messages
673,494
Members
5,621
Latest member
naeemsafi
Back