Windows RDP lets you log in using revoked passwords. Microsoft is OK with that
a year ago
- Microsoft's Remote Desktop Protocol (RDP) allows revoked passwords to still grant access to Windows machines.
- Password changes, typically a security measure, do not always revoke access via RDP.
- Independent researcher Daniel Wade reported this behavior, calling it a 'Trust Breakdown.'
- Microsoft states this is a design choice to prevent users from being locked out, not a security vulnerability.
- The issue affects millions of users in various settings, with no clear detection or resolution method available.