> the difference between the accounts is almost > none... 1 is the default > admin account with a strong password that shows up > in the user manager. the > other three should not be there, and are not in the > user manager, yet, you > can still access the system with the use of one of > the three "ghost" accounts. Okay, this doesn't make much sense at all...b/c the name of the account that Retina found is "Administrator" in all three cases. So what you're saying is that the default Administrator account, with the name "Administrator", can be accessed via the strong password you provided it with, as well as these three others that Retina reported. > it's a little of setting to come in one day and find > two systems on the > back waters of your network with the ability to be > connected to with 3 passwords you never set. Understood...and I'm sure you meant "upsetting", rather than "of setting". > I tried to disable the default admin account in an > attempt to perhaps lock > out the "ghost" accounts. however when i tried to i > was presented with a > lovely message that the admin account can not be > diabled. Again, according to Retina, the default admin account IS the "ghost" accounts. > presently there are 4 sets of login/password that > can login to the systems > admin with my password > admin with admin reversed > admin with admin and > admin with nothing... Please be more clear/specific. According to your previous posts, the account found by Retina is "Administrator", not "admin". What is the name of the other "admin" account? > i am not aware of 2k having the ability to have one > account with multiple > passwords... and if i am mistake how would i disable > the other passwords. It's not...clearly indicates an issue of some kind. I'd like to ask that you dump the contents of the WinLogon key (please do NOT copy them...dump them and provide ALL information) and either send it to me, or post it to the list. There may be a trojaned GINA at work here... Thanks, Harlan __________________________________ Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month! http://sbc.yahoo.com ---------------------------------------------------------------------------- Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the world's premier technical IT security event! 10 tracks, 15 training sessions, 1,800 delegates from 30 nations including all of the top experts, from CSO's to "underground" security specialists. See for yourself what the buzz is about! Early-bird registration ends July 3. This event will sell out. www.blackhat.com ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Mon Jul 14 2003 - 13:23:57 PDT