Hi there, I just found a bug in WindowsME. Please check, if it works with you, too, or if it's just a local problem with my setup. I'm sorry, if someone already sent this bug to the mailinglist, but I couldn't find such a thread. Regards, blyke Risk: Little? Weirdness factor: High This bug enables you to login to someone else's profile, without knowing that persons password. This is no real security risk, as you can access anyones files, anyway. How it works: Your WinME box must be configured, so it starts with the Microsoft Network login. After one failed login try, the normal login screen appears. (Thats the default setup, when using the Microsoft Network Login). 1. Start your computer 2. When the login appears, enter the users ID and some other password 3. Now login with your own combination => The desktop you will see, is not yours, but the desktop of the first username you entered. Explanation: I can't really explain this phenomena, but the most likely explanation is, that the login functions of windows save the username of the first login attempt in one variable, and then just check, if the combination "username" and "password" are right, but don't check, if the new username entered is the same as the one entered in the family login. If the combination works, the profile, that is started, though, is the one of the username, saved before. Please inform me, if you find out anything else about that bug, or if some of the things, I mentioned here, prove to be wrong.
This archive was generated by hypermail 2b30 : Fri Aug 02 2002 - 00:55:08 PDT