[Thinkpad] Removing CMOS battery bypasses power-on password
Jon Etkins
jon at snikte.net
Mon Oct 2 17:15:14 CDT 2006
James H. E. Maugham wrote:
> Jon Etkins scribbled on Monday, October 02, 2006 4:19 PM:
>
>> I'm not sure if this is SOP for all modern Thinkpads, but it
>> certainly seemed like a security hole to me. Anyone who has
>> eschewed the HDD password in the belief that the power-on
>> password is sufficient might like to think again, too.
>
> It's by design and is the means for removing an unknown Power On Password
> (POP) on all new Thinkpads.
>
> It has _NO_ effect on the Supervisor Password however, nor the HD password.
It still strikes me as a security loophole. After all, one can easily
remove a forgotten POP by means of the Administrator p/w, and if one
doesn't know that, then IMHO one has no business bypassing the POP.
________________________________________________________________________
Delivered using the Free Personal Edition of Mailtraq (www.mailtraq.com)
More information about the Thinkpad
mailing list