Paid Advertising
web application security lab

The Irony of Admin Passwords In Multi Admin Environments

I don’t know what was wrong with my finger this morning but I simply could not get my finger print scanner to work on my laptop. I probably tried at least 100 times. Yes, I was frustrated. My finger hurt, and I was yelling at my laptop. Finally magic happened and whatever random thing I was doing that was causing it to fail stopped happening and I got in. Time for the finger print scanner to go and switch back to passwords. Finger print scanning isn’t super secure anyway. So there, I was, trying to remember an admin password for my account that I set up the day I built my laptop, but had not used once since then. Forget it, my passwords are simply too complex for me to remember if I don’t use them regularly. So what to do? Sure I could crack the password - the thought went through my head, but I really didn’t want to go mess with cain & abel at 6 in the morning.

As an administrator on my Windows NT box I can make other administrator accounts, and change anyone else’s password, just not my own. So instead I created a new admin user, switched to that account, and then changed my original admin user’s password, switched back to that account and then got rid of my second admin account. Herein lies some serious irony. Why can I create admin account that have the ability to modify my own admin password but I don’t even have the power to do that? I’ve seen a different philosophy on UNIX systems. As root I can create new users, chmod, chown, change other people’s passwords, put them in administrator groups and give them sudo access. So it makes sense that when I type passwd I should be able to change my own administrator password without a password prompt.

While it may not make sense for root users to have that much power without having to authenticate to insure they aren’t being hijacked at least it’s consistent with the rest of the security model. I think the same thing applies in lots of different types of web applications too. Administrators should have total access over their users, and should be able to create other administrators, but ultimately they should be asked for their password to perform any function that could subvert their user (or not at all). Either way it should be consistent with the rest of the security model. Maybe this is all academia, but it sure was annoying this morning!

6 Responses to “The Irony of Admin Passwords In Multi Admin Environments”

  1. Jeremiah Blatz Says:

    Also, of course, it’s just the UI that’s preventing you from changing your password. You can burn a linux boot CD that will helpfully blank out your password for you. I think I used the last time I forgot my admin password.

  2. Awesome AnDrEw Says:

    I always counted on these types of features when I lost access to an account. It also reminds me of an old, but still existing, vulnerability on certain messageboards.

  3. General_html Says:

    You can use the passwd command from Cygwin in the /bin directory to change the password of the local account without knowing the old password

  4. hackathology Says:

    Rsnake, since the box is at ur home. It would be good that you write your passwords down in a notebook, so you can always refer back. No one else would get into ur house, so it should be safe.

  5. RSnake Says:

    @hackathology - there is no way on earth I would consider my house safe. I have a gfnd, and random haX0rs are over all the time. Nope, if it’s not in my brain it’s not anywhere. If I get amnesia, I’m screwed!

  6. hackathology Says: