Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Vulnerability Development mailing list archives

Re: XP Screen Saver password uses Old password until logout or New one is used.
From: Dave Booth <dbooth () carlson com>
Date: Wed, 01 May 2002 10:40:35 -0500
This is not much of a vuln, as many folks have already posted but its probably worth mentioning that its in xscreensaver on (your-favourite-*nix-variant) too - the xscreensaver daemon caches your encrypted password on startup, usually on setting up your X session. If you change your passwd during an X session and xscreensaver is set to lock your display then you'll need to either stop and restart the xscreensaver daemon or remember to use the old passwd to unlock your screen until you log out that session. IMHO this is a usability issue rather than a security hole though. 

--
Dave Booth, CWT-IT
dbooth () carlson com
+---------------------------------------------------+
| Catapultam habeo. Nisi pecuniam omnem mihi dabis, |
| ad caput tuum saxum immane mittam.                |
+---------------------------------------------------+

  By Date           By Thread  

Current thread:
  • Re: XP Screen Saver password uses Old password until logout or New one is used. Dave Booth (May 01)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]