Microsoft Windows Inaccurate Login Logging Vulnerability

Recent versions of Microsoft Windows include the ability to restrict and audit local logins. It is possible to define a security policy limiting the number of incorrect login attempts allowed before an account is locked out, and to log successful and failed login attempts.

Under some configurations, a locked account may still locally unlock the machine. Under some circumstances, this may be done while leaving only a failed authentication message in the system log file.

This vulnerability may result in successful break-ins going undetected.

It has been reported that Windows XP as a standalone system is not vulnerable; the system must belong to a domain.


 

Copyright 2010, SecurityFocus