|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
NetUserChangePassword WinAPI
- To: NTBUGTRAQ
LISTSERV.NTBUGTRAQ.COM - Subject: NetUserChangePassword WinAPI
- From: Shane Harrelson <SHarrelsonMATRASYSTEMS.COM>
- Date: Tue, 18 May 1999 11:54:41 -0400
- Approved-By: Russ.CooperRC.ON.CA
- Reply-To: Shane Harrelson <SHarrelsonMATRASYSTEMS.COM>
- Sender: Windows NT BugTraq Mailing List <NTBUGTRAQLISTSERV.NTBUGTRAQ.COM>
I've noticed two strange problems when
using the NetUserChangePassword() WinAPI
to programmatically change a users
password.
1) When I change my password with the
API, and then use CTRL-ALT-DEL to get to
the security panel, if I choose
"Lock Workstation" I must use my *OLD*
password to unlock it.
2) Every time I change my password with
the API, the "bad login" attempts is
incremented, even if the change is
successful, so if the "lockout" option
is set, changing your password enough
times locks out your account.
Neither of these problems occur if you
change your password via CTRL-ALT-DEL
and the security panel.
I have verified that the password is
actually getting changed at the time the
API is called by going to a different
machine and logging in with the new
password.
The NetUserChangePassword() WinAPI has
the following prototype:
NET_API_STATUS NetUserChangePassword(LPWSTR domainname,
LPWSTR username,
LPWSTR oldpassword,
LPWSTR newpassword);
The NetUserChangePassword() WinAPI is found
in the netapi32.dll. I'm using
Windows NT 4.0 Workstation with Service Pack 4.
-Shane
- Prev by Date: Alert: Microsoft Security Bulletin (MS99-015) with commentary
- Next by Date: 2 Bugs, IIS and IE 5.0
- Prev by thread: Alert: Microsoft Security Bulletin (MS99-015) with commentary
- Next by thread: Re: NetUserChangePassword WinAPI
- Index(es):