More

    Microsoft RDP apparently lets you log in with expired passwords – and it apparently doesn’t have plans to fix the issue




    • Security researcher Daniel Wade discovers worrying Microsoft RDP feature
    • This allows old credentials to be used when logging in
    • Microsoft has confirmed it has no plans to change this

    Security researcher Daniel Wade has discovered a protocol within Microsoft’s Remote Desktop Protocol (RDP), which allows users to log into machines using revoked passwords.

    Wade’s report warns “this isn’t just a bug. It’s a trust breakdown,” reminding Microsoft that people change their passwords trusting that this will “cut off unauthorized access”, making this feature entirely counter-intuitive. Wade cautioned “millions of users—at home, in small businesses, or hybrid work setups—are unknowingly at risk.

    https://cdn.mos.cms.futurecdn.net/295f0b7d716f1d3f3a1cdf27b8a1616e.jpg



    Source link

    Latest articles

    spot_imgspot_img

    Related articles

    Leave a reply

    Please enter your comment!
    Please enter your name here

    spot_imgspot_img