If you’re like me and you trust your wife to be the other admin on your desktop PC running Windows, you may have a serious security hole. I didn’t realize until recently, but if you’re logged in to Windows 7, or Windows Vista for that matter, and you’re an administrator, you get to change all users passwords, including the passwords of other admins without exception.
Now, if you try to change the password for your own account, you have to enter the old password before you can change it into a new one. But here’s the thing: for other users, even admins, there’s no such requirement. Of course it makes sense that you don’t have to enter their old password, how would you even know? But it doesn’t require you to enter your own either.
So, anyone at your PC, while it’s logged in under any admin account, can go and change the password of any other admin account. They can then go and log off, log on as the other admin with the new password and change the password of the account they were logged in as before. Log off again, log on as the original admin and you have total control of the machine. Of course, there’s some tracks left behind – for one, the other admin account no longer has its original password and there’s no easy way to fix that.
But it’s even worse, you don’t even need two admin accounts on the PC to have this problem. Any logged in admin can just go and promote any old user to admin. And creating a new user is trivial too. And by doing that, you can just clear your tracks by removing the temporary new admin once you’ve changed the password of the logged in original admin.
So, finding a PC logged in as an admin allows you to assume total control over it and the requirement to enter the old password to enter a new one is nothing but a wax nose… Just add that to the list of why Linux is more secure. The only good news here is that you can fix losing your password as long as you’re logged in as an admin, any admin.