Vulnerability Development mailing list archives

Re: XP Screen Saver password uses Old password until logout or New one is used.


From: Muhammad Faisal Rauf Danka <mfrd () attitudex com>
Date: Tue, 30 Apr 2002 13:18:01 -0700 (PDT)

Hasn't that been the case with all win* for a long time?
Well, the password is cached; that's why it verifies from cache, where it should verify it from the actual password location. Lack of routine addition in all screensavers, I guess. Remember flushing cached passwords in win*, HEH! =)

P.S. It's not a feature, until it's discovered by Microsoft.

Regards, 
---------
Muhammad Faisal Rauf Danka

Chief Technology Officer
Gem Internet Services (Pvt) Ltd.
web: www.gem.net.pk
voice: 92-021-111-GEMNET

Chief Security Analyst
Applied Technology Research Center (ATRC)
web: www.atrc.net.pk
voice: 92-021-4548323, 92-021-4546077

"Great is the Art of beginning, but Greater is the Art of ending. "

------BEGIN GEEK CODE BLOCK----
Version: 3.1
GCS/CM/P/TW d- s: !a C++ B@ L$ S$ U+++ 
P+ L+++ E--- W+ N+ o+ K- w-- O- PS PE- Y- 
PGP+ t+ X R tv+ b++ DI+ D G e++ h! r+ y+
------END GEEK CODE BLOCK------


--- "Ghazi H. Al Wadi [NGHA-CTC]" <wadig () ngha med sa> wrote:
Hi,
Today I have, as usual, changed my PC logon password (XP Home Edition). When
the screen saver started, I dismissed it and by force of habit, I typed the
old password. To my surprise I was able to unlock the screen saver using the
old password.
I was able to do that several times. However, once I log out or use the new
password I am unable to use the old password and have to use the new one.

The question is: is this a feature? And from a security point of view,
wouldn't that be a vulnerability? If not, is it documented anywhere? And
last, was this issue addressed before?

Kindest regards
Ghazi Al Wadi
