Windows XP Passwords Rendered Useless

By Brett Glass  |  Posted 2003-02-14 Print this article Print

Noted Windows analyst Brian Livingston reports that inserting a Windows 2000 CD into an XP system gives complete admin access to that system, even without a password.

Windows guru Brian Livingston reports that inserting a Windows 2000 CD into an XP system allows one to bypass all password protection and manipulate any part of the machine at will. "Anyone with a Windows 2000 CD can boot up a Windows XP box and start the Windows 2000 Recovery Console," says Livingston. The intruder has Administrator privileges even if he or she does not provide a password, and can also assume the identity of any other user of the machine. "I notified four Microsoft executives of the XP flaw weeks ago, but havent yet received an official response," writes Livingston. "Theres no Knowledge Base article about it, and there may not even be a good solution to the problem." While one does need physical access to the machine to exploit the flaw, this will be little comfort to the administrators of academic computer laboratories and other facilities where users can easily pop a CD-ROM into a computer.
Brett Glass has more than 20 years of experience designing, building,writing about, and crash-testing computer hardware and software. (A born'power user,' he often stresses products beyond their limits simply bytrying to use them.) A consultant, author, and programmer based inLaramie, Wyoming, Brett obtained his Bachelor of Science degree inElectrical Engineering from the Case Institute of Technology and his MSEEfrom Stanford. He plans networks, builds and configures servers, outlinestechnical strategies, designs embedded systems, hacks UNIX, and writeshighly optimized assembly language.

During his rather eclectic career, Brett has written portions of the codeand/or documentation for such widely varied products as Borland's Pascal'toolboxes' and compilers, Living Videotext's ThinkTank, Cisco Systemsrouters and terminal servers, Earthstation diskless workstations, andTexas Instruments' TMS380 Token Ring networking chipset. His articleshave appeared in nearly every major computer industry publication.

When he's not writing, consulting, speaking, or cruising the Web insearch of adventure, he may be playing the Ashbory bass, teachingInternet courses for LARIAT (Laramie's community network and Internetusers' group), cooking up a storm, or enjoying 'extreme'-ly spicy ethnicfood.

To mail Brett, visit his Web form.


Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel