[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Insufficient Authentication vulnerability in Acer notebooks
Try the "net user password ..." command (from the CMD prompt). That'll save you from
having to do it in safe mode.
----- Original Message -----
Sent: Monday, May 11, 2009 10:14 PM
Subject: Re: Insufficient Authentication vulnerability in Acer notebooks
That is I standard issue with Windows XP. With any installation of it you have to boot
in safe mode and manually set a password on the hidden admin account.
Sent from my Verizon Wireless BlackBerry
From: David Sánchez Martín <dsanchez@xxxxxxxx>
Date: Mon, 11 May 2009 15:55:04
Subject: RE: Insufficient Authentication vulnerability in Acer notebooks
Is not that a simple design decission? (truly brain-dead, but a
De: MustLive [mailto:mustlive@xxxxxxxxxxxxxxxxxx]
Enviado el: domingo, 10 de mayo de 2009 15:23
Asunto: Insufficient Authentication vulnerability in Acer notebooks
I want to warn you about vulnerability in Acer notebooks.
It's Insufficient Authentication vulnerability. Which I found
two my notebooks. At these notebooks Windows XP Home Rus is
using, in case
of other OS the vulnerability can be also present.
In Windows XP Home in default administrator's account
is empty password. And it does not set equal to password of
when admin account is creating during first start of notebook
(as it happens
during installation of Windows XP). So with physical access
anybody can enter into the system with administrator's rights.
Vulnerable models of notebooks: Acer TravelMate 2313LC, Acer
2413LC and potentially other models.
I mentioned about these vulnerability at my site
Best wishes & regards,
Administrator of Websecurity web site