Vendor: Windows NT
By: Unknown
CVSS: 7.5 (HIGH)
CWE: Authentication Bypass
Product Name: Windows NT
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE: o:microsoft:windows_nt
Metasploit:
Other Scripts:
Platforms Tested: Windows NT
Unknown

IBM Windows NT GINA Replacement Authentication Bypass Vulnerability

A user can add any group to the Local Administrators group on Windows NT hosts running IBM's GINA replacement. By creating a specific Registry key under HKLM\System\CurrentControlSet\Services\IBMNeTNT, non-administrators can modify the GroupMapping key to include a group name that will be added to the administrators group upon the next reboot.

Mitigation:

Unknown
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/608/info

IBM has written a replacement GINA for Windows NT to allow NT hosts to authenticate against OS/2 domains. On machines running the modified GINA, the creation of a specific Registry key under HKLM\System\CurrentControlSet\Services\IBMNeTNT may allow a user to add any Group to the "Local Administrators" group upon next reboot. ACL permissions over this key allow non-administrators to create the necessary key and value.

Modify the following Registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IBMNeTNT\GroupMapping

to include

Value Name: GroupName (where GroupName is the name of the group to add to the Administrators group)
Data Type: Reg_SZ
String: Administrators

Reboot the host.
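
A defender-side check, added here as an example and not part of the original advisory: it scans a text export of the registry (assumed to be in REGEDIT4 format) for values under the GroupMapping key that map a group to Administrators and are not on an allow-list. The sample export, the allow-list entry and the function names are constructed for illustration; the export does not show the key's ACL, so this covers only the resulting values.

```python
import re

# Key path from the advisory. ControlSetNNN is also matched (assumption: an
# export may name the numbered control set instead of CurrentControlSet).
KEY_RE = re.compile(
    r"^HKEY_LOCAL_MACHINE\\SYSTEM\\(CurrentControlSet|ControlSet\d{3})"
    r"\\Services\\IBMNeTNT\\GroupMapping$", re.IGNORECASE)
# A REG_SZ line in a REGEDIT4 export: "name"="data", with \\ and \" escapes.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Constructed sample export (not taken from a real host).
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IBMNeTNT\GroupMapping]
"OS2ADMINS"="Administrators"
"Temp Staff"="administrators"
"HELPDESK"="Users"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Other]
"Lookalike"="Administrators"
'''


def _unescape(text):
    # Undo the export's backslash escaping (\\ -> \, \" -> ").
    return re.sub(r"\\(.)", r"\1", text)


def find_admin_mappings(reg_text, expected=()):
    """Return (key, group) pairs mapped to Administrators and not in `expected`."""
    allowed = {g.lower() for g in expected}
    findings, key = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            # Only values under the GroupMapping key are of interest.
            key = line[1:-1] if KEY_RE.match(line[1:-1]) else None
            continue
        match = VALUE_RE.match(line) if key else None
        if not match:
            continue  # outside the key, blank line, or not a REG_SZ value
        group, target = _unescape(match.group(1)), _unescape(match.group(2))
        if target.lower() == "administrators" and group.lower() not in allowed:
            findings.append((key, group))
    return findings


if __name__ == "__main__":
    for key, group in find_admin_mappings(SAMPLE_EXPORT, expected=["OS2ADMINS"]):
        print(f"unexpected admin mapping: {group!r} under {key}")
```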