Vulnerability Note VU#902110
Reflection for Secure IT Windows Server can allow login to renamed built-in accounts
WRQ Reflection for Secure IT Windows Server 6.0 can allow a user to log in to a Windows built-in account under its default name (Administrator or Guest) after the account has been renamed.
Microsoft Windows includes the built-in accounts Administrator and Guest. If those accounts are renamed after SSH key authentication has been configured, the SSH keys associated with the account before the rename may continue to be accepted for authentication by Reflection for Secure IT Windows Server 6.0.
A malicious user can use the SSH keys associated with the account before the rename to gain authenticated access.
Workaround #1 (from WRQ):
Change the server configuration using the GUI as follows:
Note: The doubled backslashes ( \\ ) are required. Both the sshd2_config and admin.config files should have their file protections changed to permit only the Administrator group access to these files.
Workaround #2 (from WRQ):
Create a folder in the "Documents and Settings" folder with the renamed user name (such as New-Admin-Name) and create an .ssh2 folder there (for example, C:\Documents and Settings\New-Admin-Name\.ssh2). Then move - do not copy - all public key files and the authorization file to this new folder.
Remember to set the file protections on these folders to permit only the New-Admin-Name user access to these files.
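A check for the state Workaround #2 is meant to remove, added here as an example and not part of WRQ's or CERT's text: it finds built-in accounts that have been renamed, reports any files still sitting in the `.ssh2` folder under the old default name, and lists access entries on the new `.ssh2` folder that belong to anyone other than the renamed account. It assumes PowerShell with WMI is available on the server and that profiles live under `C:\Documents and Settings`; the `$ProfileRoot` parameter and the STALE/MISSING/REVIEW labels are names chosen for this example.

```powershell
# Added audit example, not vendor code. Assumption: user profiles live under
# "C:\Documents and Settings", as in the workaround text.
param([string]$ProfileRoot = 'C:\Documents and Settings')

# Built-in accounts keep their well-known RIDs across a rename.
$defaults = @{ '500' = 'Administrator'; '501' = 'Guest' }

function Get-Ssh2Dir([string]$UserName) {
    Join-Path (Join-Path $ProfileRoot $UserName) '.ssh2'
}

foreach ($acct in (Get-WmiObject Win32_UserAccount -Filter 'LocalAccount=True')) {
    $rid = $acct.SID.Split('-')[-1]
    if (-not $defaults.ContainsKey($rid)) { continue }
    $oldName = $defaults[$rid]
    if ($acct.Name -eq $oldName) { continue }   # not renamed, nothing to check

    # Key material left under the default name is what the advisory warns about.
    $oldDir = Get-Ssh2Dir $oldName
    if (Test-Path -LiteralPath $oldDir) {
        Get-ChildItem -LiteralPath $oldDir -Force |
            Where-Object { -not $_.PSIsContainer } |
            ForEach-Object { "STALE    $($_.FullName)  (account is now '$($acct.Name)')" }
    }

    # Only relevant if this account uses key authentication.
    $newDir = Get-Ssh2Dir $acct.Name
    if (-not (Test-Path -LiteralPath $newDir)) {
        "MISSING  $newDir"
        continue
    }

    # The workaround asks that only the renamed user have access.
    foreach ($ace in (Get-Acl -Path $newDir).Access) {
        $who = $ace.IdentityReference.Value
        if ($ace.AccessControlType -eq 'Allow' -and $who -ne $acct.Caption) {
            "REVIEW   $newDir grants $($ace.FileSystemRights) to $who"
        }
    }
}
```

No output means no renamed built-in account has leftover files under its default name and the new folder's access list names only that account.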
Systems Affected

| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| WRQ, Inc. | Affected | - | 28 Jul 2005 |
| F-Secure Corporation | Not Affected | - | 28 Jul 2005 |
Thanks to WRQ for reporting this issue.
This document was written by Hal Burch.
- CVE IDs: Unknown
- Date Public: 25 Aug 2005
- Date First Published: 31 Aug 2005
- Date Last Updated: 16 Sep 2005
- Severity Metric: 0.11
- Document Revision: 15