| VID |
28002 |
| Severity |
40 |
| Port |
139 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The autologon password is readable. If the latest Windows NT 4.0 Service Pack has not been applied, attackers can read the autologon password and freely access the system.
Windows system includes a feature that lets you log on into the system without supplying a username and password. When using the auto-logon feature, Windows system will not prompt for a username and password during boot, but will rather logon straight into the pre-configured user account. This is excellent for situations where there's only one person working on the workstation, in a physically secure environment (for example, at home). However, this auto-logon scheme opened a huge hole since the username and the password were saved in cleartext in the registry - everyone with read access to the relevant keys (including remote access) could see the password, and this is evidently a problem. Windows 2000 uses a different scheme, where the password is no longer stored in the registry in clear text. But someone with physical access to the machine can use this feature to log into the system without specifying a username and password.
* Note: This check requires an account with Guest or upper privileges which can access the registry of the remote host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://www.securiteam.com/windowsntfocus/3N5QBSAPPA.html
http://www.iss.net/security_center/static/4.php |
| Recommendation |
Disable autologon, protect the Winlogon registry key, and apply the latest Windows NT 4.0 Service Pack.
If autologon is not being used, disable autologon. To disable autologon feature, follow these steps:
1. From the Windows NT Start menu, select Run.
2. Type "regedt32", and press Enter.
3. Navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon key.
4. Double-click AutoAdminLogon and set its value to 0.
5. If DefaultPassword entry exists, delete it.
--AND--
To install the latest Windows NT 4.0 Service Pack, follow these steps:
1. Open a web browser.
2. Go to http://support.microsoft.com/support/ntserver/Content/ServicePacks/ and follow the directions to download the appropriate service pack for your computer.
3. Find the installation program you downloaded to your computer.
4. Double-click the program icon to start the installation.
5. Follow the installation directions.
Windows NT 4.0 SP3 or later service packs create the winreg key. |
| Related URL |
CVE-1999-0535 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
