IBM OEM Microsoft Windows XP And Windows XP SP1 Default Administration Account Vulnerability
IBM OEM Microsoft Windows XP And Windows XP SP1 are both reported to contain a default passwordless administrative account.
Reportedly, during the installation process of IBMs OEM version of Windows XP and Windows XP SP1, the process automatically creates an administrator account and fails to set a password for it. The user is not made aware of the account during installation.
Users installing this version of Microsoft Windows may fail to properly secure this account, allowing for local attackers to gain administrative privileges. Network access to accounts without passwords is denied, so this is only a local vulnerability.
This vulnerability reportedly only affects IBMs OEM version of Microsoft Windows XP and Windows XP Service Pack 1.