Title: IBM OEM Microsoft Windows XP And Windows XP SP1 Default Administration Account Vulnerability
Severity: HIGH
Description:
IBM distributes its own OEM version of the Microsoft Windows XP operating system, slightly altered from the standard version that an end user would receive from Microsoft.
IBM OEM Microsoft Windows XP and Windows XP SP1 are both reported to contain a default passwordless administrative account.
Reportedly, the installation process of IBM's OEM version of Windows XP and Windows XP SP1 automatically creates an administrator account and fails to set a password for it. There is reportedly no way to alter this process, and no explanation is given that this account has been created or of how to add a password to it.
Users installing this version of Microsoft Windows may fail to properly secure this account, allowing local attackers to gain administrative privileges. Network access to accounts without passwords is denied, so this is only a local vulnerability.
This vulnerability reportedly affects only IBM's OEM version of Microsoft Windows XP and Windows XP Service Pack 1.
Affected Products:
- IBM Microsoft Windows XP 0.0.0 OEM Version
- IBM Microsoft Windows XP 0.0.0 SP1 OEM Version
References:
- Microsoft: Windows XP Homepage