| Field | Value |
| --- | --- |
| VID | 28004 |
| Severity | 30 |
| Port | 139 |
| Protocol | TCP |
| Class | SMB |
| Detailed Description | The autologon feature in Windows NT/2000 is enabled. Someone with physical access to the machine can use this feature to log into the Windows system without specifying a username and password. When autologon is in use, Windows does not prompt for a username and password during boot, but logs straight into the pre-configured user account. This is suited to situations where only one person works on the system, in a physically secure environment (for example, at home). |
| Note | This check requires an account with Guest or higher privileges that can access the registry of the remote host being scanned. If these conditions are not met, the check is not performed, producing a false negative for all vulnerable hosts. |
| Platforms Affected | Microsoft Windows NT, 2000 |
| References | http://www.securiteam.com/windowsntfocus/3N5QBSAPPA.html ; http://xforce.iss.net/xforce/xfdb/5 |
| Recommendation | To disable the autologon feature, follow these steps: 1. From the Windows NT Start menu, select Run. 2. Type "regedt32" and press Enter. 3. Navigate to the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon key. 4. Double-click AutoAdminLogon and set its value to 0. 5. If a DefaultPassword entry exists, delete it. |
| Related URL | CVE-1999-0549 (CVE) |
| Related URL | (SecurityFocus) |
| Related URL | (ISS) |
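As an added example, not part of the original advisory, the following PowerShell script audits the two Winlogon values the recommendation names and applies steps 4 and 5 of the procedure; the function names are hypothetical and the script assumes the PowerShell `HKLM:` drive form of the registry key given above.

```powershell
# Added example (not from the original advisory): audit and remediate the
# Winlogon autologon settings on the local host.
# Assumes Windows PowerShell 5.1+ running with rights to read/write HKLM.

$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Test-AutoAdminLogon {
    # Returns an object stating whether autologon is enabled and whether a
    # cleartext DefaultPassword value is stored in the registry.
    $props = Get-ItemProperty -Path $winlogon -ErrorAction Stop
    $hasPassword = $null -ne $props.PSObject.Properties['DefaultPassword']
    [pscustomobject]@{
        AutoAdminLogon     = [string]$props.AutoAdminLogon   # REG_SZ, "1" = enabled
        DefaultUserName    = [string]$props.DefaultUserName
        DefaultPasswordSet = $hasPassword
        # Either condition is a finding: the scanner check fires on AutoAdminLogon,
        # and a lingering DefaultPassword is step 5 of the recommendation.
        Vulnerable         = ([string]$props.AutoAdminLogon -eq '1') -or $hasPassword
    }
}

function Disable-AutoAdminLogon {
    # Step 4: set AutoAdminLogon to 0. Step 5: delete DefaultPassword if present.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if ($PSCmdlet.ShouldProcess($winlogon, 'Set AutoAdminLogon = 0')) {
        Set-ItemProperty -Path $winlogon -Name AutoAdminLogon -Value '0' -Type String
    }
    $props = Get-ItemProperty -Path $winlogon
    if ($null -ne $props.PSObject.Properties['DefaultPassword']) {
        if ($PSCmdlet.ShouldProcess($winlogon, 'Remove DefaultPassword')) {
            Remove-ItemProperty -Path $winlogon -Name DefaultPassword
        }
    }
}

# Audit first, then preview the remediation; drop -WhatIf to apply it.
$state = Test-AutoAdminLogon
$state | Format-List
if ($state.Vulnerable) {
    Disable-AutoAdminLogon -WhatIf
}
```

Run `Test-AutoAdminLogon` from a scheduled task or configuration baseline to catch the setting being re-enabled later.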