• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Identix BioLogon GINA Authentication Bypass Vulnerability

Identix BioLogon is a software utility which provides support for biometric security measures (fingerprint readers, smartcards, etc.) on Microsoft Windows operating systems. Part of its design is to help restrict unauthorized users from physically accessing the host.

It is possible for a physical attacker to bypass the GINA (Graphical Identification and Authentication) interface. This may be accomplished if the attacker presses CTRL-ALT-DEL to access the GINA interface, and then selects the "More" option. Events may be selected and the attacker may initiate browsing. On Windows XP systems, the attacker selects the "Configure / Sounds" option after "More" to select events. Browsing grants system-level access to the host.