Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: Muhammad Faisal Rauf Danka (mfrdattitudex.com)
Date: Tue Apr 30 2002 - 15:18:01 CDT
Is'nt that the case with all win* since long time?
Well the password is cached, that's why it verifies from cache, where it should verify it from the actual password location. Lack of routine addition in all screensavers I guess. Remember flushing cached Passwords in win* , HEH! =)
P.S. It's not a feature, untill its discovered by Microsoft.
Muhammad Faisal Rauf Danka
Chief Technology Officer
Gem Internet Services (Pvt) Ltd.
Chief Security Analyst
Applied Technology Research Center (ATRC)
voice: 92-021-4548323, 92-021-4546077
"Great is the Art of beginning, but Greater is the Art of ending. "
------BEGIN GEEK CODE BLOCK----
GCS/CM/P/TW d- s: !a C++ B L$ S$ U+++
P+ L+++ E--- W+ N+ o+ K- w-- O- PS PE- Y-
PGP+ t+ X R tv+ b++ DI+ D G e++ h! r+ y+
------END GEEK CODE BLOCK------
--- "Ghazi H. Al Wadi [NGHA-CTC]" <wadigngha.med.sa> wrote:
>Today I have as usual, changed my PC logon password (XP Home Edition). When
>the screen saver started, I dismissed it and by force of habit, I typed the
>old password. To my surprise I was able to unlock the screen saver using the
>I was able to do that several times, However, once I logout or use the new
>password I am unable to use the old password and have to use the new one.
>The question is , Is this a feature. and from a security point of view
>wouldn't that be a vulnerability. If not is it documented any where. And
>last, was this issue addressed before.
>Ghazi Al Wadi
Run a small business? Then you need professional email like youyourbiz.com from Everyone.net http://www.everyone.net?tag