Default Passwords

[phandentium]

I have discovered something really creepy Today. Apperantly my friend Ben Plaut discovered some sort of "Default Password" for Windows NT on Usenet. He booted into safe mode and entered a password for my administrator account in safe mode and he got in.

I don't know how he did it, but he just did. I know for a fact that it isn't my own password because my administrator password is shorter than what he entered.

I don't require the password but rather some form of a counter measure. Enabling a Hard Drive password via my BIOS makes sure he can't get in but I need to be sure that there is no way he can enter this password again.

Oh and on the same note, I heard that Microsoft was trying to keep this password on the down-low, and that those who've released this password publicly have been silenced, perhaps Microsoft is keeping this password for their own benefit?

 

[fixal0t]

What version of NT? Is it pre-NT 4.0?

 

[KSoD]

This could also be for those who dont change the password during install.

I know for a fact that during all my installs i change all passwords from default to prevent this from happening. Let alone having a BIOS password.

 

[phandentium]

Well it's for NT 5.1 meaning Windows XP, well I saw this default password on Windows XP but I heard that it works on Windows 2000 as well.

I called Microsoft and they confirmed it to me.

They said a few things, if they told me it doesn't exist then they get in big federal trouble. However if they told me the password they would also get in some deep trouble. They wouldn't provide any other information.

So the password exists, it's not a bug, Microsoft knows about it. The question is, why did they not do anything about the password?

 

[KSoD]

As i stated it is most likely for those who do NOT change it on install. I bet you can send me the password and it will NOT work on my system since i have changed my passwords.

The default password is nothing. Just hit enter. It is that way when you get a OEM system from Dell or where ever. Just click that accoutn and hit enter. Either that or Admin. But most of the time it isnt even set.

So point being, when you install make sure to set a Admin password. That way you avoid this problem.

 

[phandentium]

I have set an admin password already. I even stated this earlier as well.

Let me rephrase this, I have an administrator password, why would I not. My friend entered another password and got in, it WASN'T my own password because it was too big.