Re: XP Screen Saver password uses Old password until logout or New one is used.

[Dave Booth <dbooth () carlson com>]

This is not much of a vuln, as many folks have already posted but its 
probably worth mentioning that its in xscreensaver on 
(your-favourite-*nix-variant) too - the xscreensaver daemon caches your 
encrypted password on startup, usually on setting up your X session. If 
you change your passwd during an X session and xscreensaver is set to 
lock your display then you'll need to either stop and restart the 
xscreensaver daemon or remember to use the old passwd to unlock your 
screen until you log out that session. IMHO this is a usability issue 
rather than a security hole though.

--
Dave Booth, CWT-IT
dbooth () carlson com
+---------------------------------------------------+
| Catapultam habeo. Nisi pecuniam omnem mihi dabis, |
| ad caput tuum saxum immane mittam.                |
+---------------------------------------------------+