Microsoft RDP apparently lets you log in with expired passwords - and it apparently doesn't have plans to fix the issue

The vulnerability that Microsoft's Remote Desktop Protocol has and that would affect all versions of Windows and that, in principle, will not be corrected.

Microsoft RDP apparently lets you log in with expired passwords - and it apparently doesn't have plans to fix the issue

Changing passwords could be basically pointless for Microsoft RDP.

A security nightmare: attackers can log in with old, revoked passwords. Microsoft does not plan to make changes.

After a password change in a Microsoft account, the remote desktop function of Windows continues to accept the old password. According to Microsoft with intent. (Sicherheitlcke, Microsoft)

CISOs should re-consider using Microsoft RDP due to password flaw, says expert

CISOs allowing remote access to Windows machines through Remote Desktop Protocol (RDP) should re-think their strategy after the discovery that changed or revoked passwords can still work, says an expert. “I was unpleasantly surprised” to hear about the vulnerability, David Shipley, head of Canadian security awareness training firm Beauceron Security, said in an interview. “I would have expected that revoking credentials meant revoking credential…

Microsoft Won't Fix Windows Remote Login Flaw

Key Takeaways: Microsoft keeps a remote login feature that uses old passwords. This stays even after you change your password. It’s a design choice to stop users from getting locked out. Users should update passwords on all devices regularly. A Confusing Situation Imagine you change your password because you think someone might know it. You expect that no one can use your old password anymore. But with Microsoft’s Remote Desktop, your old passw…