- Security researcher Daniel Wade discovers a disturbing Microsoft RDP behavior
- It allows old credentials to be used when connecting
- Microsoft confirmed that it does not intend to change this
Security researcher Daniel Wade discovered a behavior in Microsoft's Remote Desktop Protocol (RDP) that allows users to connect to machines using revoked passwords.
Wade’s report warns, “It’s not just a bug. It is a breakdown of confidence,” reminding Microsoft that people change their passwords trusting that this will cut off unauthorized access, which makes this functionality entirely counterintuitive. Wade warned that “millions of users – at home, in small businesses or hybrid work configurations – are at risk without knowing it.”
Surprisingly, in its response, Microsoft said that this behavior was not a bug, instead calling it “a design decision to ensure that at least one user account always has the ability to connect, regardless of how long a system has been offline.”
A feature, not a bug
Microsoft confirmed that the problem did not meet its definition of a security vulnerability and that the company does not intend to make changes to this.
According to Wade's report, there is no clear way for end users to detect or fix the problem on their side, and Azure, Defender and Entra ID do not raise any flags, leaving users vulnerable even if they take protective measures.
“This creates a silent and remote backdoor in any system where the password has ever been cached. Even if the attacker never had access to this system, Windows will always trust the password,” said Wade.
Credential theft and data breaches are far too common, and compromised passwords are a serious risk for businesses and users. Research has shown that password attacks have surged, becoming more and more frequent and sophisticated.
This means that regular password rotation is an important facet of cybersecurity, and password hygiene best practices center on revoking old, reused or compromised passwords – which makes this functionality all the more confusing and concerning.
Via Ars Technica