MSN Technology

Windows RDP lets you log in using revoked passwords. Microsoft is OK with that.


The ability to use a revoked password to log in through RDP arises when a Windows machine that is signed in with a Microsoft or Azure account is configured to enable remote desktop access. In this case, users can log in over RDP with a dedicated password that is validated against locally stored credentials. Alternatively, users can log in using the credentials for the online account that was used to sign in to the machine.


Screenshot of the RDP configuration window showing that a Microsoft account (for Hotmail) has remote access.

Even after users change their account password, the old one remains valid for RDP logins indefinitely. In some cases, the video reported, multiple old passwords will work while new ones will not. The result: persistent RDP access that bypasses cloud verification, multi-factor verification, and conditional access policies.

Wade and another Windows security expert said that the little-known behavior could be costly in scenarios where a Microsoft or Azure account has been compromised, for example when its password has been leaked publicly. In such an event, the first course of action is to change the password to prevent an adversary from accessing sensitive resources. Although the password change prevents the adversary from logging in to the Microsoft or Azure account, the old password will give the adversary access to the user’s machine through RDP indefinitely.

“This produces a silent, remote backdoor in any system where the password was ever used,” Wade wrote in his report. “Even if the attacker never had access to this system, Windows will still trust the password.”

Doreman, a senior threat analyst at a security firm, agreed.

“From a security point of view it doesn’t make sense,” he wrote in an online interview. “If I am a sysadmin, I would expect that when I change an account password, the old credentials of this account cannot be used anywhere. But it is not.”

Credential caching is a problem

The mechanism that makes all of this possible is credential caching on the local machine’s hard drive. The first time a user logs in using Microsoft or Azure account credentials, RDP confirms the password’s validity online. Windows then stores the credential in a secure format on the local machine. From then on, Windows validates any password entered during an RDP login by comparing it against the locally stored credential, with no online lookup. As a result, the revoked password will still give remote access through RDP.
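A simplified model of the caching flow described above, added here as an illustration and not taken from Windows or from the report. The class names, the PBKDF2 storage format and the sample passwords are assumptions; the second host class shows the contrasting behaviour of checking every login online.

```python
import hashlib
import hmac
import os

def derive(password: str, salt: bytes) -> bytes:
    # Assumed storage format for this model: salted PBKDF2-HMAC-SHA256.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

class OnlineAccount:
    """Stand-in for the online account service (hypothetical)."""
    def __init__(self, password: str):
        self.change_password(password)

    def change_password(self, new_password: str) -> None:
        self._salt = os.urandom(16)
        self._verifier = derive(new_password, self._salt)

    def check(self, password: str) -> bool:
        return hmac.compare_digest(derive(password, self._salt), self._verifier)

class CachingHost:
    """Validates online once, then only against the local cache."""
    def __init__(self, account: OnlineAccount):
        self.account = account
        self.cache = None  # (salt, verifier) written at first successful login

    def rdp_login(self, password: str) -> bool:
        if self.cache is None:
            if not self.account.check(password):
                return False
            salt = os.urandom(16)
            self.cache = (salt, derive(password, salt))
            return True
        salt, verifier = self.cache  # no online lookup from here on
        return hmac.compare_digest(derive(password, salt), verifier)

class RevalidatingHost(CachingHost):
    """Contrast case: every login is checked against the online account."""
    def rdp_login(self, password: str) -> bool:
        return self.account.check(password)

def demo() -> dict:
    account = OnlineAccount("old-Passw0rd")        # constructed sample value
    cached, strict = CachingHost(account), RevalidatingHost(account)
    out = {"first_login": cached.rdp_login("old-Passw0rd")}
    account.change_password("new-Passw0rd")        # user rotates the password
    for name, host in (("cached", cached), ("online", strict)):
        out[name + "_old"] = host.rdp_login("old-Passw0rd")
        out[name + "_new"] = host.rdp_login("new-Passw0rd")
    return out
```

In this model the caching host keeps accepting the old password and rejects the new one, because nothing after the first login refreshes or invalidates the cache.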
