|
|
Microsoft Windows NT 不正确记录登陆信息漏洞
发布时间:2002-01-25
更新时间:2002-01-25
严重程度:中
威胁程度:其它
错误类型:设计错误
利用方式:服务器模式
BUGTRAQ ID:3933
受影响系统Microsoft Windows NT 4.0SP6a
+ Microsoft Windows NT Enterprise Server 4.0SP6a
+ Microsoft Windows NT Server 4.0SP6a
+ Microsoft Windows NT Terminal Server 4.0SP6a
+ Microsoft Windows NT Workstation 4.0SP6a
Microsoft Windows NT 4.0SP5
+ Microsoft Windows NT Enterprise Server 4.0SP5
+ Microsoft Windows NT Server 4.0SP5
+ Microsoft Windows NT Terminal Server 4.0SP5
+ Microsoft Windows NT Workstation 4.0SP5
Microsoft Windows NT 4.0SP4
+ Microsoft Windows NT Enterprise Server 4.0SP4
+ Microsoft Windows NT Server 4.0SP4
+ Microsoft Windows NT Terminal Server 4.0SP4
+ Microsoft Windows NT Workstation 4.0SP4
Microsoft Windows NT 4.0SP3
+ Microsoft Windows NT Enterprise Server 4.0SP3
+ Microsoft Windows NT Server 4.0SP3
+ Microsoft Windows NT Terminal Server 4.0SP3
+ Microsoft Windows NT Workstation 4.0SP3
Microsoft Windows NT 4.0SP2
+ Microsoft Windows NT Enterprise Server 4.0SP2
+ Microsoft Windows NT Server 4.0SP2
+ Microsoft Windows NT Terminal Server 4.0SP2
+ Microsoft Windows NT Workstation 4.0SP2
Microsoft Windows NT 4.0SP1
+ Microsoft Windows NT Enterprise Server 4.0SP1
+ Microsoft Windows NT Server 4.0SP1
+ Microsoft Windows NT Terminal Server 4.0SP1
+ Microsoft Windows NT Workstation 4.0SP1
Microsoft Windows NT 4.0
+ Microsoft Windows NT Enterprise Server 4.0
+ Microsoft Windows NT Server 4.0
+ Microsoft Windows NT Terminal Server 4.0
+ Microsoft Windows NT Workstation 4.0
Microsoft Windows NT Enterprise Server 4.0SP6a
Microsoft Windows NT Enterprise Server 4.0SP5
Microsoft Windows NT Enterprise Server 4.0SP4
Microsoft Windows NT Enterprise Server 4.0SP3
Microsoft Windows NT Enterprise Server 4.0SP2
Microsoft Windows NT Enterprise Server 4.0SP1
Microsoft Windows NT Enterprise Server 4.0
Microsoft Windows NT Server 4.0SP6a
Microsoft Windows NT Server 4.0SP5
Microsoft Windows NT Server 4.0SP4
Microsoft Windows NT Server 4.0SP3
Microsoft Windows NT Server 4.0SP2
Microsoft Windows NT Server 4.0SP1
Microsoft Windows NT Server 4.0
Microsoft Windows NT Terminal Server 4.0SP6a
Microsoft Windows NT Terminal Server 4.0SP5
Microsoft Windows NT Terminal Server 4.0SP4
Microsoft Windows NT Terminal Server 4.0SP3
Microsoft Windows NT Terminal Server 4.0SP2
Microsoft Windows NT Terminal Server 4.0SP1
Microsoft Windows NT Terminal Server 4.0
Microsoft Windows NT Workstation 4.0SP6a
Microsoft Windows NT Workstation 4.0SP5
Microsoft Windows NT Workstation 4.0SP4
Microsoft Windows NT Workstation 4.0SP3
Microsoft Windows NT Workstation 4.0SP2
Microsoft Windows NT Workstation 4.0SP1
Microsoft Windows NT Workstation 4.0 详细描述
Micorsoft windows能限制和审核本地登陆,可以定制安全措施限制在一帐户在
限定不正确登陆尝试的情况下被锁。
在某些配置下,被锁的帐户本地仍旧能解开系统,相关消息请参看如下地址:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q188700;在某
些环境下,这个操作只会记录认证失败的消息在系统日志文件中。
如果用户已经知道你的密码并使用W2K的安全漏洞登陆到你的系统将不会记录任何
登陆登出信息在系统安全日志中。
这个漏洞可以导致系统成功被入侵而不会被检测到。
测试代码
见描述部分
解决方案
建议按照Microsoft's Knowlege Base Article Q188700 正确设置注册键值。
相关信息
"Frank Heyne" <fh@rcs.urz.tu-dresden.de>.
参考:http://www.securityfocus.com/archive/1/251800
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q188700
|
