4

How secure is the Windows screensaver password? Seeing that screen saver passwords are used in the corporate world, is there any way of bypassing the screen saver after it is already running? Could a CD/DVD/USB be inserted and a program ran to close the screen saver that bypasses the password?

Gabriel Graves
  • 142
  • 4
  • 4
    This was indeed possible... with old Windows 98 boxes with autorun enabled on the CD-Rom drive. In this case, Windows would just launch the CD software without asking the user, and the software could do nasty things allowing to bypass screen saver password. Hopefully, Windows has improved its security over the ages, now I think all you will get today with the same procedure is a window opening behind the screen saver and waiting user confirmation BEFORE launching the software. However, when it comes to malicious USB devices, the question remains open for Windows specialists... – WhiteWinterWolf Feb 06 '15 at 11:07
  • 1
    Reminds me of how you could override the screensaver on Windows 3.1: You hammered the keyboard up to a point that all the input caused the machine to slow down - then you could press ctrl, alt + delete and end the unresponsive screensaver process. Bam, you're in! – SilverlightFox Feb 07 '15 at 10:46

1 Answers1

3

Possible intrusion methods to achieve this could be a hard reset of the computer, change boot priority, and insert media with code capable of bypassing login credential requirements.

(Hiren's boot CD or F4UCD for Win7 and earlier versions can do this).

Without restarting the computer, as GZBK said, if autoplay or autorun is enabled, then a USB may be recognized regardless of the computer being locked.

An additional method would require either a 0-day or unpatched vulnerability which uses the IP and/or MAC as a point of intrusion, making sure the malicious code has remote code injection abilities. With this RAT deployed against the system via the network, you wouldn't need to bypass the login, because you would already have access.

For practical purposes, the answer to your primary question is "secure, but with flaws."

You are better off using it, and using a difficult password, than not using one at all.

  • 1
    Have you got a URL for the mentioned "F4UCD"? Common search engines do not show any meaningful result except your own post. – WhiteWinterWolf Mar 21 '15 at 11:12
  • This is close but not quite F4UCD: [Hiren's BootCD](http://www.hiren.info/pages/bootcd) –  Apr 18 '15 at 04:11