
Windows NT Event Log
This vulnerability enables an intruder to read the application, system, or
security log on a Windows NT computer. Any user who is allowed to access the
computer from the network can read the application and system logs, so this test
may show nothing more than the fact the person running the scanner is allowed to
access the scanned machine. However, if the scanning user is not one who
should have access to the scanned machine, it can indicate that the guest account is
enabled and is allowed to access the computer from the network. If the
security log has been accessed, it shows that the scanning user has administrator
level access to the scanned machine. If the scanning user should not have that
level of access, it indicates the user permissions may be set incorrectly, or in
the worst case, the guest account is enabled and is a member of the
administrators group.
Typically, the application log does not contain information an intruder may
find useful. However, some applications may write sensitive information to the
application log. One such application is the Ataman Telnet, Rlogin and Rexec
services.
Risk: Low to high
OS Vulnerable: Windows NT
Fix: Check the