Pelican Press
Posted May 2, 2025

Microsoft has no plans to fix Windows RDP bug that lets you log in with old passwords

Microsoft apparently has no plans to fix a security flaw that leaves machines vulnerable when using Windows Remote Desktop Protocol (RDP). According to a recent report submitted to the Microsoft Security Response Center by Daniel Wade, the current configuration of Windows RDP allows users to access machines using old, cached passwords even after they have been updated or changed. This makes it impossible to prevent access to machines using RDP by changing the password. Old cached passwords will still allow a successful login, which is a huge security concern.

Despite the glaring open *********, Microsoft has insisted that this is intentional, and the company has no plans to change the way this function operates, as it provides a method for users to never be completely locked out of their machine. Microsoft has its own definition of what qualifies as a “security vulnerability” and claims that this does not count as a vulnerability.

The feature was intentionally designed to make sure users could access a given machine through RDP even after it’s been offline for a long ******* of time. Despite the concern, the feature is not optional and cannot be disabled.

Wade described the security concern as a breakdown of trust. When it comes to information security, changing a password is generally perceived as a surefire way to terminate access to a given account for anyone authenticated using any previous password. In this case, you can’t prevent access using old passwords, and you receive no warning that the old passwords are still valid when using RDP.

This is especially concerning in situations where passwords have been publicly compromised. Because there’s no way to eliminate the RDP authorization with them, would-be hackers can technically gain access to the machine with the account owner being none the wiser.

Microsoft has been aware of the issue for some time, citing a previous report from August of 2023. Although the issue was investigated back then, the decision was ultimately made not to change the way it functions out of concern for compatibility issues it could face with existing applications.