Hi All, It has been a while since I played with this so I may have my facts wrong. 1. When you install Ghost it creates the account automatically using the format GHOST_MACHINE for the account name. 2. The password it uses for the account is the same as the account name i.e. GHOST_MACHINE. What this means is that you do not have to have access to the registry to know what the passord is as long as you know what the machine name is. 3. The account does not belong to any local user group and so can't be used to log on locally to the box. I don't know what network access privilages you can get from this account. It would seem that the problem is more a default installation problem rather than having the password in plain text in the registry. If you manually change the password on the account to a more secure password and update the entry in the registry things should be more secure. My feeling is that it does not matter what rights the account has on the box, just having a known account with known password is a security risk as it makes you more vulnerable to a rights escalation exploit. Regards Peter > -----Original Message----- > From: saabstoryat_private [mailto:saabstoryat_private] > Sent: 27 February 2002 03:13 > To: bugtraqat_private > Subject: Re: Symantec LiveUpdate > > > > In-Reply-To: <LPBBLOPHKCDACODGKEFJIEGLDDAA.pcmiller61at_private> > > You are right about the Ghost keys being stored as > clear text. What you might not realize is that the > rights to the key require Administrator privileges. > > Try navigating to the key logged in as someone other > than Administrator. You can't get there.
This archive was generated by hypermail 2b30 : Thu Feb 28 2002 - 19:49:53 PST