The problem is the Windows function that maintains the 10 previous passwords in the form of hashi encrypted data used to verify the authenticity. Even after a password change, it remains active to enter the old mixed RDP.
Bomont claims that it has created a potential “eternal backdor ve and allows attackers who know the old password to access the system. However, Microsoft insists that this is a conscious solution for the comfort of users and recommends to close the password cache or use two factors authentication (2FA) to increase security. 2FA, for example, requires code code from the phone that reduces risks.
Experts state that the problem is valid for organizations where employees can accidentally or deliberately disclose old passwords. Although Microsoft does not plan to eliminate this feature, companies can minimize threats, update security policies regularly and close outdated protocols.
Source: Ferra
I am a professional journalist and content creator with extensive experience writing for news websites. I currently work as an author at Gadget Onus, where I specialize in covering hot news topics. My written pieces have been published on some of the biggest media outlets around the world, including The Guardian and BBC News.
