|
If local access to a non-networked PC under Windows 95 exists, it is possible to delete the password file ( name.PWL) belonging to a particular user ID. Access with this user ID is then possible without knowing the user password. This is critical if a non-networked Windows 95 computer is restricted for certain users, but an administrator ID (for example ADMIN) exists which possesses all privileges. By deleting ADMIN.PWL a restricted, but nonetheless authorised, user can thus log on as an administrator. The restrictions or guidelines set for the user are then by-passed.
© Copyright
by Bundesamt für Sicherheit in der Informationstechnik |
last update: July 1999 |