adminblankpw, accountblankpw

Vulnerability Description

Brief description: Windows NT user or administrator has blank or null password

Full description: A Windows NT user or administrator has a blank or empty password. This makes password authentication always succeed for the user.

Components: authentication system

Systems: Windows NT

Effect(s) of exploiting: The attacker gets the privileges of the user.

Detecting the hole:

1. Use an auditing tool to check user passwords.

Fixing the hole:

1. 1. Configure Windows NT to enforce a password policy that disallows such passwords.

Other information:

Keywords

password

Cataloguing

PA Classification(s):

RISOS Classification(s):

DCS Classification(s):

CVE Number: CAN-1999-0504 -- A Windows NT local user or administrator account has a default, null, blank, or missing password.

Exploit Information

Attack:

Related Information

Advisories:

Related Vulnerabilities:

Reportage

Reporting: in ( )

Revision Number 1

1. Patrick LeBlanc (6/29/2000):