Everhart,Glenn
From:	Gerbert Orasche [gorasche@HYPERWAVE.COM]
Sent:	Thursday, February 12, 1998 8:24 AM
To:	NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Subject:	NT 4.0 identify bug?
Hello!

Writing an identification gateway I found out the following: Using the new
ID mode LOGON32_LOGON_NETWORK of the LogonUser API I encountered the
following behaviour:

.) if the user exists and pwd valid ==> logon OK
.) user exists pwd invalid ==> logon fails

which is expected behaviour, but in the case

.) non-existing user whatever pwd ==> logon OK

It is also possible to impersonate the returned token via DuplicateToken
with the SecurityImpersonation option or ImpersonateLoggedOnUser. The
platform is NT server 4.0 enterprise edition with SP3 acting as BDC. It
happens also on another NT Server 4.0 SP2 BDC and the 4.0 SP3 PDC.
Additionally a trusting domain is configured.

I have not explored yet what rights the non-existing user is granted.

A Microsoft developer is informed.

cu
___________________________________________________________________
Gerbert Orasche                    Hyperwave Research & Development
Senior Software Engineer                           Schloegelgasse 9
                                               A-8010 Graz, Austria

mailto://gorasche@hyperwave.com             Tel: ++43-316-820918-11
http://www.hyperwave.com                    Fax: ++43-316-820918-99
___________________________________________________________________