[Am-info] Microsoft Windows NT Inaccurate Login Logging Vulnerability
Fred A. Miller
fm@cupserv.org
Mon, 28 Jan 2002 14:32:32 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Microsoft Windows NT Inaccurate Login Logging Vulnerability
BugTraq ID: 3933
Remote: No
Date Published: Jan 21 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/3933
Summary:
Recent versions of Microsoft Windows include the ability to restrict and
audit local logins. It is possible to define a security policy limiting
the number of incorrect login attempts allowed before an account is
locked out, and to log successful and failed login attempts.
It is possible, under some circumstances, to log into the local machine
while leaving a log event implying a failed login attempt. This
behavior has been reported to occur the account in question has been
locked due to multiple failed login attempts, as defined in the
security policy. In this case, a successful login attempt may be
logged as a failed attempt.
This vulnerability may result in successful break-ins going undetected.
- --
Fred A. Miller
Systems Administrator
Cornell Univ. Press Services
fm@cupserv.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE8VadQIhTtc6nTZIIRAhCcAKCer2lVgk5fRbHyulRwwghPELZaXgCePV2U
h5dECJ05J9cqqZSBTV+qTBw=
=yrLb
-----END PGP SIGNATURE-----