this post was submitted on 01 May 2025
313 points (99.4% liked)

Technology

69726 readers
4506 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
313
Windows RDP lets you log in using revoked passwords. Microsoft is OK with that. - Ars Technica (arstechnica.com)
submitted 5 days ago by AngelikaMerkel@feddit.org to c/technology@lemmy.world
24 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[โ€“] IllNess@infosec.pub 3 points 4 days ago (1 children)

Any situation where an old password would be valid indefinitely and a new one not recognized would require the machine to not be able to reach AD or Entra, but also to still be reachable by RDP... indefinitely. That's definitely not impossible, but it's one hell of an edge case to use the term "indefinitely" for.

Would something like this happen if AD and Entra is in a remote office, the machine has a networking issue that prevents non local connections?

[โ€“] wizardbeard@lemmy.dbzer0.com 5 points 4 days ago

Yep. If the network is local only and can't reach Azure (for Entra) or the Domain Controller (for AD) that we're saying is at another physical location, then there's no way for the machine to see the new password. It will continue to accept the old cached password until that network issue is resolved.

But that's always been the case. It's how Windows NT and forward work. In that scenario, you could only reach the machine over RDP if you were on another machine on that isolated network.