Failed logouts in Windows NT and '95

Summary
Description:Some people "logout" of their NT boxes and leave, but NT sometimes fails due to hung processes and give the option to abort the logout.
Author:Peter da Silva <peter@BAILEYNM.COM>
Compromise:Take over someone's local console login
Vulnerable Systems:Windows NT 3.51, 4.0 and I believe Win95 is vulnerable
Date:3 May 1997
Notes:Not too big of a deal, but it should still be fixed
Details


Date: Sat, 3 May 1997 09:51:29 -0500
From: Peter da Silva <peter@BAILEYNM.COM>
    Peter da Silva <peter@BAILEYNM.COM>
To: NTBUGTRAQ@RC.ON.CA
Subject: NT user interface shortcoming.

I don't know whether you would call this a bug or not, but it's a security
problem.

In the course of my duties as wannabe NT expert and UNIX guru, I frequently
come across people who have logged off their NT workstation and left their
desks before they had finished logging off. In the upper left corner of the
screen is the familiar message that some task had hung and wasn't exiting,
and would I like to kill the task or abort the logout. All very nice and
polite, and a really convenient way for someone wandering by to get access
to the workstation without all that inconvenient playing about swapping disks
and other things likely to attract unwanted attention.

Is there any way to force NT to just blow everything away regardless?

More Exploits!

The master index of all exploits is available here (Very large file)
Or you can pick your favorite operating system:
All OS's Linux Solaris/SunOS Micro$oft
*BSD Macintosh AIX IRIX
ULTRIX/Digital UNIX HP/UX SCO Remote exploits

This page is part of Fyodor's exploit world. For a free program to automate scanning your network for vulnerable hosts and services, check out my network mapping tool, nmap. Or try these Insecure.Org resouces:

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]