Administrator username same as password

Risk Level: High risk vulnerability  High

Check or Attack Name: adminuserpw
Platforms: Windows NT
Description:

The Administrator account has the password set to the account name. Windows NT 4.0 Service Pack 2 (SP2) contains a password filter that can be installed, and Service Pack 3 allows checking of dictionary passwords. It is strongly recommended that non-trivial passwords be used.
Remedy:

Windows NT 4.0 Service Pack 2 (SP2) or Service Pack 3 (SP3) includes a password filter (PASSFILT.DLL) that allows system administrators to increase password strength. This filter is copied to %system root%\SYSTEM32 when the Service Pack is installed on the system. In networked environments, the password filter should be copied to the primary domain controller for the domain, and to any backup domain controllers in the event the server role in the domain changes.

—AND—

Set the administrator password to a minimum length of seven characters and change the password.

To set the minimum password length, follow these steps:

  1. Open User Manager. From the Windows NT Start menu, select Programs, Administrative Tools (Common), User Manager.
  2. Select the Administrator account from the list.
  3. From the Policies menu, select Account to display the Account Policy dialog box.
  4. For the Minimum Password Length, require a minimum length at least seven characters.
  5. Click OK.
  6. From the User menu, select Properties to display the User Properties dialog box.
  7. Type and confirm a non-trivial password.
  8. Click OK.

—AND—

To change the password, follow these steps:

  1. Open User Manager. From the Windows NT Start menu, select Programs, Administrative Tools (Common), User Manager.
  2. Select the Administrator account from the list.
  3. From the User menu, select Properties to display the User Properties dialog box.
  4. In the Password field, change the password.
  5. In the Confirm Password field, confirm the new password.
  6. Click OK.
References:

Microsoft Knowledge Base Article Q152841, Windows NT 4.0 Service Pack 3 Readme.txt File (40-bit), http://support.microsoft.com/support/kb/articles/Q152/8/41.asp

Microsoft Knowledge Base Article Q147798, Windows NT 4.0 Service Pack 3 Readme.txt File (128-bit), http://support.microsoft.com/support/kb/articles/Q147/7/98.asp

Microsoft Knowledge Base Article Q161990, How to Enable Strong Password Functionality in Windows NT, http://support.microsoft.com/support/kb/articles/q161/9/90.asp

Microsoft Knowledge Base Article Q161990, How to Enable Strong Password Functionality in Windows NT, http://support.microsoft.com/support/ntserver/serviceware/10141574.asp
X-Force Logo
Know Your Risks