Blank Passwords

The following is something I discovered while at PlateSpin. It is really an awesome company =) The message has been modified to censor out any PlateSpin-relevant content.

In Windows XP, 2003, and higher, you can change your password to a blank password easily. However, this can ironically increase security for your computer! By default, you cannot remotely access your computer over the network or the Internet if your password is blank! Hence, hackers would not be able to use this method of remotely connecting to your computer to hack it. Hence, setting a blank password is good if the computer is physically secure, and you only have 1 computer or computers that do not to access other computers.

However, if you are desperate to allow remote access on a computer with a blank password, you can allow it… Open gpedit.msc and go to Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options. Then disable Accounts -> “Limit local account use of blank passwords to console login only”. After that, you can remotely access the computer.

Note: These settings are not available in Windows 2000, ME, and earlier.

In Linux, login to root and go to “/etc/shadow” and look for your username. Let’s say you have “root:$1$aA9RiNmC$0NlogMx3oslqiHtPuPnqL.:14203:0::7:::”. Remove the second field so that it becomes “root::14203:0::7:::”. Now, you have a blank password (you do not have to go through all the steps above to allow remote access for blank passwords though)! Unfortunately, you are not able to merely change the password by simply using “passwd”, since the validation does not allow blank passwords. There are discussions in which you can find the encryption it uses in order to encrypt NULL, which, theoretically, leads to a blank password as well. These machines could be discovered without a problem.

Furthermore, interestingly enough, by default, ESXi servers have a blank root password!