RE: XP Screen Saver password uses Old password until logout or Ne w one is used.

From: Keith Tyler (ktylerat_private)
Date: Tue Apr 30 2002 - 09:10:07 PDT

Next message: Johannes Lemmerer: "AW: Buffer overflow or overrun?"

Previous message: Simon Tamلs: "Re: The Hazard of using 'printer friendly' functions on commercial sites"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Its because it stays cached. Its been like that in every version of Windows.

-----Original Message-----
From: Ghazi H. Al Wadi [NGHA-CTC] [mailto:wadigat_private]
Sent: Monday, April 29, 2002 11:33 PM
To: vuln-devat_private
Subject: XP Screen Saver password uses Old password until logout or New one
is used.

Hi,
Today I have as usual, changed my PC logon password (XP Home Edition). When
the screen saver started, I dismissed it and by force of habit, I typed the
old password. To my surprise I was able to unlock the screen saver using the
old password.
I  was able to do that several times, However, once I logout or use the new
password I am unable to use the old password and have to use the new one.

The question is , Is this a feature. and from a security point of view
wouldn't that be a vulnerability. If not is it documented any where. And
last, was this issue addressed before.

Kindest regards
Ghazi Al Wadi

Next message: Johannes Lemmerer: "AW: Buffer overflow or overrun?"
Previous message: Simon Tamلs: "Re: The Hazard of using 'printer friendly' functions on commercial sites"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Apr 30 2002 - 10:53:02 PDT