hi folk, Is not that a simple design decission? (truly brain-dead, but a conscious decission). > -----Mensaje original----- > De: MustLive [mailto:mustlive@xxxxxxxxxxxxxxxxxx] > Enviado el: domingo, 10 de mayo de 2009 15:23 > Para: bugtraq@xxxxxxxxxxxxxxxxx > Asunto: Insufficient Authentication vulnerability in Acer notebooks > > Hello SecurityFocus! > > I want to warn you about vulnerability in Acer notebooks. > > It's Insufficient Authentication vulnerability. Which I found > 28.04.2009 in > two my notebooks. At these notebooks Windows XP Home Rus is > using, in case > of other OS the vulnerability can be also present. > > In Windows XP Home in default administrator's account > ?Administrator? there > is empty password. And it does not set equal to password of > first admin, > when admin account is creating during first start of notebook > (as it happens > during installation of Windows XP). So with physical access > to notebook, > anybody can enter into the system with administrator's rights. > > Vulnerable models of notebooks: Acer TravelMate 2313LC, Acer > TravelMate > 2413LC and potentially other models. > > I mentioned about these vulnerability at my site > (http://websecurity.com.ua/3127/). > > Best wishes & regards, > MustLive > Administrator of Websecurity web site > http://websecurity.com.ua > >
Attachment:
smime.p7s
Description: S/MIME cryptographic signature