RE: XP Screen Saver password uses Old password until logout or Ne w one is used.

[Keith Tyler <ktyler () unicornfinancial com>]

Its because it stays cached. Its been like that in every version of Windows.

-----Original Message-----
From: Ghazi H. Al Wadi [NGHA-CTC] [mailto:wadig () ngha med sa]
Sent: Monday, April 29, 2002 11:33 PM
To: vuln-dev () securityfocus com
Subject: XP Screen Saver password uses Old password until logout or New one
is used.


Hi,
Today I have as usual, changed my PC logon password (XP Home Edition). When
the screen saver started, I dismissed it and by force of habit, I typed the
old password. To my surprise I was able to unlock the screen saver using the
old password.
I  was able to do that several times, However, once I logout or use the new
password I am unable to use the old password and have to use the new one.

The question is , Is this a feature. and from a security point of view
wouldn't that be a vulnerability. If not is it documented any where. And
last, was this issue addressed before.

Kindest regards
Ghazi Al Wadi