alphapuggle
joined 2 years ago
Looking forward to the results!
Is this from the local connection or over RDP? The issue they're trying to point out seems to be that while it'll stop working for local sessions, RDP sessions will continue to accept the old password
As far as I can tell, this applies after reconnecting to the domain controller and being able to pull new credentials. It's not 100% clear in the article, but
Old credentials continue working for RDP—even from brand-new machines.
Even after users change their account password, however, it remains valid for RDP logins indefinitely. In some cases, Wade reported, multiple older passwords will work while newer ones won’t. The result: persistent RDP access that bypasses cloud verification, multifactor authentication, and Conditional Access policies.
While the password change prevents the adversary from logging in to the Microsoft or Azure account, the old password will give an adversary access to the user’s machine through RDP indefinitely.
However
The mechanism that makes all of this possible is credential caching on the hard drive of the local machine. The first time a user logs in using Microsoft or Azure account credentials, RDP will confirm the password's validity online. Windows then stores the credential in a cryptographically secured format on the local machine. From then on, Windows will validate any password entered during an RDP login by comparing it against the locally stored credential, with no online lookup. With that, the revoked password will still give remote access through RDP.
Which makes it sound like it has to be logged in successfully first, directly contradicting the first quote.
Either way, it does appear to be an issue that an online device will accept expired passwords before it will pull new credentials from the inter/intranet
This has been happening for years. Microsoft forces users to create an account at setup then conveniently makes sure you never remember that password again by having you setup a pin. Saw a decent number of customers have to setup their PCs again because bitlocker triggered and they didn't know the user or password the recovery code was associated with.
Microsoft 365 Copilot Video Discover
Peersonalizer
Inplace=true will modify the original dataframe, while false will return the result in a new dataframe. When you assign a variable the result of in place=true (dataframe = dataframe...(I place=true)), you've overwritten the data frame with the result of that call (which is nothing, it happened in place)
We used to put this on our discord music bot back when those were still a thing. Was worth a laugh or two
I have all 3 enabled, but inline is the only one that ever shows up. I am using Gboard, so I'm not 100% sure how it functions with other keyboard apps. Also try disabling inline and see it falls back to the generic auto fill service
https://en.m.wikipedia.org/wiki/British_Museum