Microsoft: “It’s Not A Bug, It’s A Feature!”

Liste des GroupesRevenir à col advocacy 
Sujet : Microsoft: “It’s Not A Bug, It’s A Feature!”
De : ldo (at) *nospam* nz.invalid (Lawrence D'Oliveiro)
Groupes : comp.os.linux.advocacy alt.comp.os.windows-11
Date : 01. May 2025, 00:36:04
Autres entêtes
Organisation : A noiseless patient Spider
Message-ID : <vuuc53$1ajpm$1@dont-email.me>
User-Agent : Pan/0.162 (Pokrosvk)
Windows RDP is a mechanism for doing remote GUI logins to a Dimdows
machine. It turns out that RDP has a “feature” whereby it continues to
allow you to log in using an old password, even after that password
has been revoked.

Microsoft doesn’t seem to see this as a security issue at all:

    In response, Microsoft said the behavior is a “a design decision
    to ensure that at least one user account always has the ability to
    log in no matter how long a system has been offline.” As such,
    Microsoft said the behavior doesn’t meet the definition of a
    security vulnerability, and company engineers have no plans to
    change it.

Not only that, the problem had been reported to the company by another
security researcher nearly two years earlier:

    "We originally looked at a code change for this issue, but after
    further review of design documentation, changes to code could
    break compatibility with functionality used by many applications."

<https://arstechnica.com/security/2025/04/windows-rdp-lets-you-log-in-using-revoked-passwords-microsoft-is-ok-with-that/>

Date Sujet#  Auteur
1 May 25 * Microsoft: “It’s Not A Bug, It’s A Feature!”2Lawrence D'Oliveiro
1 May 25 `- Re: Microsoft: “It’s Not A Bug, It’s A Feature!”1T

Haut de la page

Les messages affichés proviennent d'usenet.

NewsPortal