Re: XP Screen Saver password uses Old password until logout or New one is used.

From: Muhammad Faisal Rauf Danka (mfrd@attitudex.com)
Date: 04/30/02


Date: Tue, 30 Apr 2002 13:18:01 -0700 (PDT)
From: Muhammad Faisal Rauf Danka <mfrd@attitudex.com>
To: "Ghazi H. Al Wadi [NGHA-CTC]" <wadig@ngha.med.sa>, vuln-dev@securityfocus.com

Isn't that the case with all win* for a long time?
Well, the password is cached; that's why it verifies from cache, where it should verify it from the actual password location. Lack of routine addition in all screensavers, I guess. Remember flushing cached passwords in win*, HEH! =)

P.S. It's not a feature until it's discovered by Microsoft.

Regards,
---------
Muhammad Faisal Rauf Danka

Chief Technology Officer
Gem Internet Services (Pvt) Ltd.
web: www.gem.net.pk
voice: 92-021-111-GEMNET

Chief Security Analyst
Applied Technology Research Center (ATRC)
web: www.atrc.net.pk
voice: 92-021-4548323, 92-021-4546077

"Great is the Art of beginning, but Greater is the Art of ending. "

------BEGIN GEEK CODE BLOCK----
Version: 3.1
GCS/CM/P/TW d- s: !a C++ B@ L$ S$ U+++
P+ L+++ E--- W+ N+ o+ K- w-- O- PS PE- Y-
PGP+ t+ X R tv+ b++ DI+ D G e++ h! r+ y+
------END GEEK CODE BLOCK------

--- "Ghazi H. Al Wadi [NGHA-CTC]" <wadig@ngha.med.sa> wrote:
>Hi,
>Today I have, as usual, changed my PC logon password (XP Home Edition). When
>the screen saver started, I dismissed it and, by force of habit, I typed the
>old password. To my surprise, I was able to unlock the screen saver using the
>old password.
>I was able to do that several times. However, once I log out or use the new
>password, I am unable to use the old password and have to use the new one.
>
>The question is, is this a feature? And from a security point of view,
>wouldn't that be a vulnerability? If not, is it documented anywhere? And
>last, was this issue addressed before?
>
>Kindest regards
>Ghazi Al Wadi
