[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-Disclosure] Webroot Spy Sweeper Enterprise Adminpassord open to the world
- To: full-disclosure@xxxxxxxxxxxxxxxx
- Subject: [Full-Disclosure] Webroot Spy Sweeper Enterprise Adminpassord open to the world
- From: Frank Mileto <Frank.Mileto@xxxxxxxxxxxxxxxxxx>
- Date: Sat, 13 Nov 2004 07:27:19 -0600
<BODY><DIV>Not sure if this list is the right place for this.......</DIV>
<DIV>Spy Sweeper Enterprise from webroot </DIV>
<DIV><A
href="http://www.webroot.com/products/spysweeper/enterprise/";>http://www.webroot.com/products/spysweeper/enterprise/</A><BR> leaves
the admin password in plain site you can find it by going to </DIV>
<DIV>HKEY_LOCAL_MACHINESOFTWAREWebrootEnterpriseSpy Sweeperap</DIV>
<DIV>This can be done from the booted box or using chntpw from a
bootdisk(knoppix std, hiren)</DIV>
<DIV>This seems worse then just booting from boot disk and changing
password due the fact that a intruder now has the CORRECT admin password so
staff would not know that the box had been touched.</DIV>
<DIV> </DIV>
<DIV>Frank Mileto <BR>NE/FS Advocate Health Care(GSH)<BR><BR></DIV></BODY>
<p>
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged and/or
confidential information. If you are not the intended recipient of
this e-mail (or the person responsible for delivering this document to
the intended recipient), you are hereby notified that any
dissemination, distribution, printing or copying of this e-mail, and
any attachments thereto, is strictly prohibited. If you have received
this e-mail in error, please respond to the individual sending the
message and notify our office at 630-990-5655, and permanently delete
the original and any copy of any e-mail and any printout thereof.
<p>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html