Vulnerability Development mailing list archives
Re: XP Screen Saver password uses Old password until logout or New one is used.
From: Muhammad Faisal Rauf Danka <mfrd () attitudex com>
Date: Tue, 30 Apr 2002 13:18:01 -0700 (PDT)
Is'nt that the case with all win* since long time? Well the password is cached, that's why it verifies from cache, where it should verify it from the actual password location. Lack of routine addition in all screensavers I guess. Remember flushing cached Passwords in win* , HEH! =) P.S. It's not a feature, untill its discovered by Microsoft. Regards, --------- Muhammad Faisal Rauf Danka Chief Technology Officer Gem Internet Services (Pvt) Ltd. web: www.gem.net.pk voice: 92-021-111-GEMNET Chief Security Analyst Applied Technology Research Center (ATRC) web: www.atrc.net.pk voice: 92-021-4548323, 92-021-4546077 "Great is the Art of beginning, but Greater is the Art of ending. " ------BEGIN GEEK CODE BLOCK---- Version: 3.1 GCS/CM/P/TW d- s: !a C++ B@ L$ S$ U+++ P+ L+++ E--- W+ N+ o+ K- w-- O- PS PE- Y- PGP+ t+ X R tv+ b++ DI+ D G e++ h! r+ y+ ------END GEEK CODE BLOCK------ --- "Ghazi H. Al Wadi [NGHA-CTC]" <wadig () ngha med sa> wrote:
Hi, Today I have as usual, changed my PC logon password (XP Home Edition). When the screen saver started, I dismissed it and by force of habit, I typed the old password. To my surprise I was able to unlock the screen saver using the old password. I was able to do that several times, However, once I logout or use the new password I am unable to use the old password and have to use the new one. The question is , Is this a feature. and from a security point of view wouldn't that be a vulnerability. If not is it documented any where. And last, was this issue addressed before. Kindest regards Ghazi Al Wadi
_____________________________________________________________ --------------------------- [ATTITUDEX.COM] http://www.attitudex.com/ --------------------------- _____________________________________________________________ Run a small business? Then you need professional email like you () yourbiz com from Everyone.net http://www.everyone.net?tag
Current thread:
- Re: XP Screen Saver password uses Old password until logout or New one is used. Muhammad Faisal Rauf Danka (Apr 30)