Win2000 Security flaw?

regmaster

How is it possible that a user, with the same name and password, can log
into a domain where only his username and password exist?

What I've found:

A customer of ours wanted to use Visio-Web via IE6. Usually Visio works with
the account from the one who's logged into the system. So in this case that
user did not exist in our AD cuz our customer is not allowed on our network.
When we created that user, with exactly the same name and password, it worked.
This could mean that if I know a certain username/password and I create the
same account on my local domain I can log into that domain, as long as there
is a network connection possible.
This can't be true, or is it? And how do I get rid of this 'functionality'?

thanks.



Reg.
 
Paul Adare - MVP - Microsoft Virtual PC

microsoft.public.win2000.security news group, regmaster
> This can't be true, or is it? And how do I get rid of this 'functionality'?

This is by design; it is the way the security subsystem works, it has
worked this way since NT 3.1 was released, and it is well documented.
 
Scott Harding - MS MVP

Always been this way. I don't really see it as a security hole as they have
to have the username and password match so the account had to be created by
the admin in both places.
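
The behaviour discussed in this thread, as an added example that is not part of any post above: a simplified model of a server that receives a logon naming a domain it does not trust and checks the username against its own account database instead. The domain names `CUSTOMER` and `OURDOM`, the user `visiouser`, the passwords, and every function name are constructed for illustration, and HMAC-SHA256 stands in for the real NTLM hash and response computation.

```python
import hashlib
import hmac
import os

def pw_hash(password):
    # Stand-in for the stored password hash (assumption: not the real NT hash).
    return hashlib.sha256(password.encode("utf-16-le")).digest()

def response(key, challenge):
    # Proof of password knowledge without sending the password itself.
    return hmac.new(key, challenge, hashlib.sha256).digest()

class Server:
    def __init__(self, domain, accounts, trusted=()):
        self.domain = domain.upper()
        self.accounts = {u.lower(): pw_hash(p) for u, p in accounts.items()}
        self.trusted = {d.upper() for d in trusted}

    def authenticate(self, client_domain, user, challenge, resp):
        if client_domain.upper() in self.trusted:
            return "forwarded"  # a trusted domain's own controller would decide
        # Own domain OR an unknown/untrusted domain name: the request is
        # evaluated against this server's own accounts, matched by user name.
        stored = self.accounts.get(user.lower())
        if stored and hmac.compare_digest(response(stored, challenge), resp):
            return "granted"
        return "denied"

def logon(server, client_domain, user, password):
    # The client is logged on elsewhere and answers the server's challenge.
    challenge = os.urandom(8)
    resp = response(pw_hash(password), challenge)
    return server.authenticate(client_domain, user, challenge, resp)

def scenario():
    before = Server("OURDOM", {})                            # no such account yet
    mirrored = Server("OURDOM", {"visiouser": "S3cret!"})    # admin mirrors name+password
    distinct = Server("OURDOM", {"visiouser": "Different1"}) # same name, own password
    args = ("CUSTOMER", "visiouser", "S3cret!")
    return [logon(s, *args) for s in (before, mirrored, distinct)]

if __name__ == "__main__":
    print(scenario())
```

Access follows only where an administrator of the receiving domain has created an account with that name and that password; giving the account its own password means the silent logon no longer succeeds.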
 
