Hi there,
I just found a bug in WindowsME. Please check, if it works with you, too, or
if it's just a local problem with my setup. I'm sorry, if someone already sent
this bug to the mailinglist, but I couldn't find such a thread.
Regards,
blyke
Risk: Little?
Weirdness factor: High
This bug enables you to login to someone else's profile, without knowing
that persons password. This is no real security risk, as you can access
anyones files, anyway.
How it works:
Your WinME box must be configured, so it starts with the Microsoft Network
login. After one failed login try, the normal login screen appears.
(Thats the default setup, when using the Microsoft Network Login).
1. Start your computer
2. When the login appears, enter the users ID and some other password
3. Now login with your own combination
=> The desktop you will see, is not yours, but the desktop of the first
username you entered.
Explanation:
I can't really explain this phenomena, but the most likely explanation is,
that the login functions of windows save the username of the first login
attempt in one variable, and then just check, if the combination "username"
and "password" are right, but don't check, if the new username entered is
the same as the one entered in the family login. If the combination works,
the profile, that is started, though, is the one of the username, saved
before.
Please inform me, if you find out anything else about that bug, or if some
of the things, I mentioned here, prove to be wrong.
This archive was generated by hypermail 2b30 : Fri Aug 02 2002 - 00:55:08 PDT