aD

Apr 28, 2016

Windows 8.1 Password Disclosure

"Heh J, have you ever heard of this..." Yesterday, my Tech Lead said they got a ticket where the student saw their password revealed in plaintext on the login screen at one of the lab computers.
I dismissed it, saying that maybe the student didn't understand the difference between Windows and our web portal, and that his web browser must be set to reveal passwords.
All of us techs got up and went to a Windows 8.1 test computer that was set up like our lab computers. Shockingly, we were able to repeat it.
We also tried it on Windows 7 and 10, and we couldn't duplicate it there.
Type in your user name and then your password. Now, at the end of your password, add a backslash (\).
Notice that the "Logon to" field has changed to show your password.



***THIS ONLY APPEARS TO WORK ON A DOMAIN-JOINED COMPUTER***


I did go to Microsoft, and they got back to me really quickly.

"Hello,
Thank you for contacting the Microsoft Security Response Center (MSRC). Upon investigation we have determined that this is not a valid vulnerability. There is no scenario that this would be useful to a malicious attacker as they would need physical access and have the password typed in already."


I agree. This isn't RCE or anything they would really care about, but it is information disclosure. I can think of a few social engineering ways to use this.
It's a bug, I understand, but still....

From what I can see, the password box treats a backslash (\) as a domain switch, just like the user name box does: the text before the backslash is taken as the domain name and displayed in the "Logon to" field.
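To make that hypothesis concrete, here is a small Python model of the parsing behaviour described above. It is an added example written for this page, not code from the original post and not Windows' own credential-UI code; the function names, the sample domain LABDOMAIN and the sample credentials are constructed. The first path runs the password box through the same DOMAIN\user parser as the user name box, which is the Windows 8.1 behaviour the post reports; the second path shows what the screen should display when the password is treated as opaque text.

```python
# Added example: a model of the field-parsing behaviour the post describes.
# It is NOT Windows code; function names, the sample domain and the sample
# credentials are constructed for illustration.

MACHINE_DOMAIN = "LABDOMAIN"  # constructed: the domain the lab machine is joined to


def parse_logon_name(text, default_domain):
    """Split a logon-name field into (domain, user).

    Models the two forms the Windows credential UI accepts in the user-name
    box: down-level "DOMAIN\\user" and UPN "user@domain".  Text with neither
    separator is a bare user name in the default (machine) domain.  How the
    real UI splits a password containing more than one backslash is not
    established by the post; this model splits on the first one.
    """
    if "\\" in text:
        domain, _sep, user = text.partition("\\")
        return domain, user
    if "@" in text:
        user, _sep, domain = text.rpartition("@")
        return domain, user
    return default_domain, text


def logon_to_label(username, password, parse_password):
    """Return what the "Logon to" field would display.

    parse_password=True  models the Windows 8.1 behaviour reported in the post:
                         the password box is run through the same domain-switch
                         logic, so a password ending in "\\" becomes the domain.
    parse_password=False models the expected behaviour: only the user-name box
                         chooses the domain and the password stays opaque.
    """
    domain, _user = parse_logon_name(username, MACHINE_DOMAIN)
    if parse_password and "\\" in password:
        # Bug model: the secret flows into a visible UI element.
        domain, _user = parse_logon_name(password, domain)
    return domain


def disclosure_check(username, password):
    """Return True if the modelled Windows 8.1 logon screen would display
    the password (or a prefix of it) in the "Logon to" field."""
    shown = logon_to_label(username, password, parse_password=True)
    expected = logon_to_label(username, password, parse_password=False)
    return shown != expected and password.startswith(shown)


if __name__ == "__main__":
    # Constructed credentials; note the trailing backslash on the password.
    user, pw = "jdoe", "Secr3t!\\"
    print("Windows 8.1 model :", logon_to_label(user, pw, parse_password=True))
    print("expected behaviour:", logon_to_label(user, pw, parse_password=False))
    print("password disclosed:", disclosure_check(user, pw))
```

The point the model makes is the one the post is getting at: a secret field must never be fed to a parser whose output is rendered on screen. The hardened path derives the "Logon to" domain from the user name box alone.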
