|
Home > Archive > Application Center Administration > June 2004 > ACL account hackable?
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
ACL account hackable?
|
|
| Mike Hahn 2004-04-29, 9:37 am |
| I received an email from our internal security department flagging the
appcenter ACL_ acounts as having "hackable" passwords. Out of curiosity, I
dumped the sam on a server and ran it through a popular cracking utility to
find that the "LM Password" was "empty". But, upon checking, it seems that
the ACL_ account's password is not truly blank.
Can anyone comment on the security of the ACL_ accounts? I don't want to be
forced into changing the passwords on 200+ servers due to a technicality.
Thanks.
Mike
| |
| George Cheng [MSFT] 2004-04-29, 10:36 am |
| These passwords should not be changed.
829156 INFO: Changes to Application Center 2000 ACL and ACC Computer
Accounts
http://support.microsoft.com/?id=829156
Thank You
George Cheng
Microsoft Application Center & Index Server Support
Note: This article has no warranties implicit or explicit.
All the content is given on the "as is" basis and the user
takes full responsibility for its use and assumption.
Microsoft Corporation Copyright 2004
All Rights Reserved
--------------------
| From: "Mike Hahn" <pyl03eqa9001@sneakemail.com>
| Subject: ACL account hackable?
| Date: Thu, 29 Apr 2004 09:05:33 -0400
| Lines: 15
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
| Message-ID: <Oe7#loeLEHA.3516@TK2MSFTNGP11.phx.gbl>
| Newsgroups: microsoft.public.applicationcenter.admin
| NNTP-Posting-Host: 12-220-231-221.client.insightbb.com 12.220.231.221
| Path:
cpmsftngxa10.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP11
.phx.gbl
| Xref: cpmsftngxa10.phx.gbl microsoft.public.applicationcenter.admin:5270
| X-Tomcat-NG: microsoft.public.applicationcenter.admin
|
| I received an email from our internal security department flagging the
| appcenter ACL_ acounts as having "hackable" passwords. Out of curiosity,
I
| dumped the sam on a server and ran it through a popular cracking utility
to
| find that the "LM Password" was "empty". But, upon checking, it seems
that
| the ACL_ account's password is not truly blank.
|
| Can anyone comment on the security of the ACL_ accounts? I don't want to
be
| forced into changing the passwords on 200+ servers due to a technicality.
|
| Thanks.
|
| Mike
|
|
|
|
| |
|
| Nice side step of the real question. Is it secure? Is the PW blank?
----- "George Cheng [MSFT]" wrote: -----
These passwords should not be changed.
829156 INFO: Changes to Application Center 2000 ACL and ACC Computer
Accounts
http://support.microsoft.com/?id=829156
Thank You
George Cheng
Microsoft Application Center & Index Server Support
Note: This article has no warranties implicit or explicit.
All the content is given on the "as is" basis and the user
takes full responsibility for its use and assumption.
Microsoft Corporation Copyright 2004
All Rights Reserved
--------------------
| From: "Mike Hahn" <pyl03eqa9001@sneakemail.com>
| Subject: ACL account hackable?
| Date: Thu, 29 Apr 2004 09:05:33 -0400
| Lines: 15
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
| Message-ID: <Oe7#loeLEHA.3516@TK2MSFTNGP11.phx.gbl>
| Newsgroups: microsoft.public.applicationcenter.admin
| NNTP-Posting-Host: 12-220-231-221.client.insightbb.com 12.220.231.221
| Path:
cpmsftngxa10.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP11
.phx.gbl
| Xref: cpmsftngxa10.phx.gbl microsoft.public.applicationcenter.admin:5270
| X-Tomcat-NG: microsoft.public.applicationcenter.admin
|
| I received an email from our internal security department flagging the
| appcenter ACL_ acounts as having "hackable" passwords. Out of curiosity,
I
| dumped the sam on a server and ran it through a popular cracking utility
to
| find that the "LM Password" was "empty". But, upon checking, it seems
that
| the ACL_ account's password is not truly blank.
|
| Can anyone comment on the security of the ACL_ accounts? I don't want to
be
| forced into changing the passwords on 200+ servers due to a technicality.
|
| Thanks.
|
| Mike
|
|
|
|
| |
| George Cheng [MSFT] 2004-06-08, 12:01 am |
| From the article I referred to
When the ACL account and the ACC account are created, they are assigned
randomly generated password strings of 14 characters. The passwords are
assigned to the Microsoft Windows accounts, and are kept (in encrypted
format) in the Microsoft Internet Information Services metabase so that
they can be used during cluster operations.
Thank You
George Cheng
Microsoft Application Center & Index Server Support
Note: This article has no warranties implicit or explicit.
All the content is given on the "as is" basis and the user
takes full responsibility for its use and assumption.
Microsoft Corporation Copyright 2004
All Rights Reserved
--------------------
| Thread-Topic: ACL account hackable?
| thread-index: AcRKVYUDcSKGXctzRGuPaRxjdcyWTQ==
| X-WN-Post: microsoft.public.applicationcenter.admin
| From: "=?Utf-8?B?U3RldmU=?=" <anonymous@discussions.microsoft.com>
| References: <Oe7#loeLEHA.3516@TK2MSFTNGP11.phx.gbl>
<FLYlGafLEHA.1136@cpmsftngxa10.phx.gbl>
| Subject: RE: ACL account hackable?
| Date: Fri, 4 Jun 2004 10:01:03 -0700
| Lines: 62
| Message-ID: <B592BF0F-2280-470A-95BF-0C1AAE5F525F@microsoft.com>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| Newsgroups: microsoft.public.applicationcenter.admin
| Path: cpmsftngxa10.phx.gbl
| Xref: cpmsftngxa10.phx.gbl microsoft.public.applicationcenter.admin:5413
| NNTP-Posting-Host: tk2msftcmty1.phx.gbl 10.40.1.180
| X-Tomcat-NG: microsoft.public.applicationcenter.admin
|
| Nice side step of the real question. Is it secure? Is the PW blank?
----- "George Cheng [MSFT]" wrote: -----
These passwords should not be changed.
829156 INFO: Changes to Application Center 2000 ACL and ACC Computer
Accounts
http://support.microsoft.com/?id=829156
Thank You
George Cheng
Microsoft Application Center & Index Server Support
Note: This article has no warranties implicit or explicit.
All the content is given on the "as is" basis and the user
takes full responsibility for its use and assumption.
Microsoft Corporation Copyright 2004
All Rights Reserved
--------------------
| From: "Mike Hahn" <pyl03eqa9001@sneakemail.com>
| Subject: ACL account hackable?
| Date: Thu, 29 Apr 2004 09:05:33 -0400
| Lines: 15
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
| Message-ID: <Oe7#loeLEHA.3516@TK2MSFTNGP11.phx.gbl>
| Newsgroups: microsoft.public.applicationcenter.admin
| NNTP-Posting-Host: 12-220-231-221.client.insightbb.com 12.220.231.221
| Path:
cpmsftngxa10.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP11
.phx.gbl
| Xref: cpmsftngxa10.phx.gbl
microsoft.public.applicationcenter.admin:5270
| X-Tomcat-NG: microsoft.public.applicationcenter.admin
|
| I received an email from our internal security department flagging
the
| appcenter ACL_ acounts as having "hackable" passwords. Out of
curiosity,
I
| dumped the sam on a server and ran it through a popular cracking
utility
to
| find that the "LM Password" was "empty". But, upon checking, it
seems
that
| the ACL_ account's password is not truly blank.
|
| Can anyone comment on the security of the ACL_ accounts? I don't
want to
be
| forced into changing the passwords on 200+ servers due to a
technicality.
|
| Thanks.
|
| Mike
|
|
|
|
|
|
|
|
|
|