undefined | Better HN

0 pointslondons_explore4y ago0 comments

I was surprised to find that a modern windows 10 machine (with all default security options) could have the user password bypassed easily with a Windows setup USB.

I could then read all the user's documents.

I thought the point of disk encryption and secure boot was to prevent that. Yet somehow the hole of allowing Windows setup to give you a privileged command prompt with a decrypted disk was never closed...

0 comments

noxer4y ago

You can bypass user login by simply removing the drive and access the data on it. This is not a bug or vulnerability this is completely normal for unencrypted disks.

Default options do not enable any drive encryption Secure boot is as the name says something to make booting secure it has absolutely nothing to do with protecting data on disk from being accessed by someone with physical access to the machine.

coliveira4y ago

I guess Windows administrators rely on this. If they close this issue, there will be a huge list of complains that they don't want to deal with.

withinboredom4y ago

This is true of just about any OS though. Linux and OSX has/had single user mode, for example.

IggleSniggle4y ago

I don’t understand. What’s the point of having an encrypted disk if it can be decrypted by any old USB-loaded OS?

selfhoster114y ago

A user password doesn't enable encryption. Bitlocker or another Full Disk Encryption solution is what you would want to use. If you can see the data, that means it's not encrypted.

1 more reply

j / k navigate · click thread line to collapse