| VID | 27033 |
| Severity | 40 |
| Port | 139, 445 |
| Protocol | TCP |
| Class | SMB |
| Detailed Description |
The Windows system has an Administrator account whose password is one of those that Internet worms use to break into systems. The system may therefore be infected by Internet worms such as W32/Deloder, W32/Lioten, W32/Lovgate, and W32/Slackor.
A local account is given logon privileges on the local host where it was created and access privileges to the resources of that host. A different account is needed to access the resources of other hosts. This account information is stored in the SAM (Security Accounts Manager) on the local host. Account management and password management are important in preventing unauthorized access to your system. If the password of the Administrator account can be guessed, attackers can easily log on to the system using this account. With administrator privileges, they may then access sensitive information such as files, printers, and system resources, as well as user/group accounts and security policy. You should make sure that only the proper users are members of the Administrators group.
* Note: This check attempts to log into the remote system with the following passwords, which are the passwords used by Internet worms:
"!@#$", "!@#$%", "!@#$%^", "!@#$%^&", "0", "000000", "00000000", "007", "1", "110", "111", "111111", "11111111", "12", "121212", "123", "123123", "1234", "12345", "123456", "1234567", "12345678", "123456789", "1234qwer", "123abc", "123asd", "123qwe", "2002", "2003", "2600", "54321", "654321", "88888888", "Admin", "Internet", "Login", "Password", "a", "aaa", "abc", "abc123", "abcd", "admin", "admin123", "administrator", "alpha", "asdf", "computer", "database", "enable", "foobar", "god", "godblessyou", "home", "ihavenopass", "login", "love", "mypass", "mypass123", "mypc", "mypc123", "oracle", "owner", "pass", "passwd", "password", "pat", "patrick", "pc", "pw", "pw123", "pwd", "qwer", "root", "secret", "server", "sex", "super", "sybase", "temp", "temp123", "test", "test123", "win", "xp", "xxx", "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "yxcv", "zxcv", "321", "guest", "666666", "888888", "abcdef", "abcdefg"
* References: http://www.cert.org/advisories/CA-2003-08.html
* Platforms Affected: Microsoft Windows, any version
| Recommendation |
Change the password immediately to one that is difficult to guess.
To change the password:
For Windows NT:
1. Open User Manager.
2. Select the user from the list.
3. Select the 'Properties' entry from the User menu.
4. Type the new password and confirm the new password.
For a Windows 2000 domain:
1. Start the Active Directory Users and Computers Management Console (dsa.msc) from a command prompt.
2. Open the Users folder and right-click the user object.
3. Select "Reset Password".
4. Type the new password and confirm the password.
For a stand-alone Windows 2000 computer:
1. Start the Local Users and Groups Management Console (lusrmgr.msc) from a command prompt.
2. Open the Users folder and right-click the user object.
3. Select "Set Password".
4. Type the new password and confirm the new password.
For Windows XP, 2003, Vista, 7, 2008, 8, 2012, 10, 2016, 2019:
1. From the Start menu, select Run and then execute lusrmgr.msc.
2. Open the [Local Users and Groups] -> [Users] folder and select the user.
3. Right-click the user entry.
4. Select "Set Password".
5. Type the new password and confirm the new password.
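The password change and the group membership review described above can also be done from an elevated PowerShell session. This is an added example, not part of the original advisory: it assumes Windows PowerShell 5.1 or later with the built-in LocalAccounts cmdlets, and `New-RandomPassword` is a hypothetical helper defined in the script itself.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the advisory): review local administrators and
# rotate the built-in Administrator password. Assumes PowerShell 5.1+.

# 1. List members of the local Administrators group by its well-known SID,
#    so the query also works when the group name is localized or renamed.
Get-LocalGroupMember -SID 'S-1-5-32-544' |
    Select-Object Name, ObjectClass, PrincipalSource |
    Format-Table -AutoSize

# 2. Find the built-in Administrator by RID 500; the account may be renamed.
$builtin = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }
if (-not $builtin) { throw 'Built-in Administrator account not found.' }

# 3. Generate a random password with a cryptographic RNG.
#    New-RandomPassword is a hypothetical helper, defined only in this example.
function New-RandomPassword {
    param([int]$Length = 24)
    # Alphabet omits look-alike characters (0/O, 1/l/I) to ease transcription.
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnpqrstuvwxyz23456789!#%+-_=?'
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $bytes = New-Object byte[] 4
    try {
        $chars = for ($i = 0; $i -lt $Length; $i++) {
            $rng.GetBytes($bytes)
            $alphabet[[int]([BitConverter]::ToUInt32($bytes, 0) % $alphabet.Length)]
        }
        -join $chars
    } finally {
        $rng.Dispose()
    }
}

# 4. Set the new password and confirm that the change took effect.
$plain  = New-RandomPassword
$secure = ConvertTo-SecureString -String $plain -AsPlainText -Force
$builtin | Set-LocalUser -Password $secure
Get-LocalUser -SID $builtin.SID | Select-Object Name, Enabled, PasswordLastSet

# Record the password in your password vault, then clear it from the session.
Write-Host "New password for $($builtin.Name): $plain"
Remove-Variable plain, secure
```

Any unexpected entry in the group listing from step 1 should be removed before the password is rotated, since a second administrator account with a guessable password leaves the same exposure.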
| Related URL | CVE-1999-0503 (CVE) |
| Related URL | (SecurityFocus) |
| Related URL | 282 (ISS) |