| VID |
27001 |
| Severity |
20 |
| Port |
139 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The default "Administrator" account exists.
Through the initial installation of the operating system such as the Windows NT, 2000 and XP, it has a built in account named "Administrator". Because this "Administrator" account is a member of the Administrator group by default, anyone using this account has full and complete rights to everything on the host.
The Administrator account cannot be deleted, disabled and also deleted from the Administrator group, but it can be renamed. The reason is that it prevents the host from being unused by deleting/disabling all the account. As a result, this account cannot be locked out though too many incorrect logon attempts. A remote attackers can guess the password of this account by a brute force attack if a poor password is used.
* References:
http://www.iss.net/security_center/static/28.php |
| Recommendation |
Set a strong "Administrator" password and rename the "Administrator" account.
For Windows NT/2000 :
1. Right Click the My Computer Icon on the Desktop and choose Manage from the Pop up menu.
2. Click the Plus sign to the left of the Local Users and Groups icon.
3. Click the Users folder and right-click the account named Administrator.
4. Choose Rename from the pop up menu.
5. Type a new name in the box beside the Administrator icon.
6. Right-click on the account name and choose "Set Password" from the menu.
7. Enter a strong password.
For Windows XP, 2003 :
1. Select "Control Panel" from the "START" menu and select the "User Accounts" icon.
2. Select "Change an account" from the "Pick a task.." sub menu.
3. Select the "Administrator" icon.
4. Choose "Change my name" from the "What do you want to change about your account" menu.
5. Type a new name for the account and click the "Change Name" button.
6. Choose "Change my password" from the "What do you want to change about your account" menu.
7. Type a strong password and click the "Change Password" button.
For Windows 7, 2008, 8, 2012, 10, 2016, 2019:
1. Start Windows Explorer.
2. Right-click on [My Computer] and select [Manage]
3. Go to [Computer Management] -> [System Tools] -> [Local Users and Groups] ->[Users]
4. Select the "Administrator" icon.
5. Right-click on the "Administrator", and select [Properties]
6. Check "Account is disabled" |
| Related URL |
CVE-1999-0585 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
