Bug or feature?
An Israel-based tech researcher demonstrated that it is possible to get access to any logged-in user account on any version of Windows. Surprisingly, it takes less than a minute.
Alexander Korznikov, an Israel-based researcher, showed how he gained access to a Windows account without knowing its login credentials. Kevin Beaumont, another security researcher, confirmed this and says that this ‘bug or feature’ works on any Windows version.
According to Alexander, gaining access requires either a remote desktop connection session or physical access to the local machine. A user must also be logged in to the target machine for the attack to work.
For this, the attacker needs to log in to the machine with an account that has the highest privileges. Using the local built-in CMD running as NT AUTHORITY\SYSTEM, another user's credentials can be accessed. This process can take less than a minute. From that command prompt, it is possible to gain the login credentials of any other user on the target machine.
Alexander says that he may not be the first person to perform this kind of session hijacking or to gain access to other accounts' credentials. He is also not sure whether it is a feature in Windows or a bug. Benjamin Delpy, a French security researcher, says that he performed a similar hack in 2011. If this was performed in 2011, Microsoft would have come to know about this bug. Or it might be a feature. Or Microsoft is too lazy to fix this issue. However, this may not be a bug, says Alexander. He added that this is a design flaw in the Windows API, where an admin can do anything on the machine.
Windows 7 via Task Manager:
Windows 7 via command line: