XP Screen Saver password uses Old password until logout or New one is used.

From: Ghazi H. Al Wadi [NGHA-CTC] (wadig@ngha.med.sa)
Date: 04/30/02


From: "Ghazi H. Al Wadi [NGHA-CTC]" <wadig@ngha.med.sa>
To: <vuln-dev@securityfocus.com>
Date: Tue, 30 Apr 2002 09:32:42 +0300

Hi,
Today I have as usual, changed my PC logon password (XP Home Edition). When
the screen saver started, I dismissed it and by force of habit, I typed the
old password. To my surprise I was able to unlock the screen saver using the
old password.
I was able to do that several times, However, once I logout or use the new
password I am unable to use the old password and have to use the new one.

The question is , Is this a feature. and from a security point of view
wouldn't that be a vulnerability. If not is it documented any where. And
last, was this issue addressed before.

Kindest regards
Ghazi Al Wadi



Relevant Pages

  • Re: OS X Annoyances (from a Windows User)
    ... They don't need to log out to do that, Wes. ... habit of *thinking* about security, ... You can also use your password with the screen saver. ... You can find that in Security Preferences: ...
    (comp.sys.mac.system)
  • RE: Auto-Logoff
    ... It drives me nuts! ... Is there an auto logoff feature ... > for XP Home Edition? ... Just put a screen saver and check the option on return show the user selection ...
    (microsoft.public.windowsxp.customize)
  • Re: screen saver
    ... microsoft.public.security news group, Adam ... Change the logon password ... and the screen saver password will change as well (sort of, ...
    (microsoft.public.security)
  • Re: Screen Saver Password Protect
    ... I have a need to password protect my system and i'm using the ... >>windows (WIN XP Home Edition) sign on screen that is activated when ... >>and auto starts the screen saver, but it does not work if i start the ... Hold down the Windows key and ...
    (microsoft.public.windowsxp.help_and_support)
  • Login Log File
    ... Is there some sort of file or program in Windows XP Home Edition that will ... The reason I ask is I was wondering if I could see what time someone logged ... enter a password whenever it goes to screen saver. ...
    (microsoft.public.windowsxp.security_admin)