In the Venn diagram between me and the target demographic, the circles are not touching
alphapuggle
Binged the whole series from start to finish this weekend (first time watch) because of these posts
I'd settle for it being feasible to bike to work. I don't have to get paid the experience
To be fair, many of the things we do are bad for your heart
Live fast and leave a sexy corpse
Don't forget to support FOSS software you're using, including lemmy & your home instance
Likely not. I was required by my university to install it as the only possible MFA method. Text, TOTP, passkey, and security key all disabled.
Looking forward to the results!
Is this from the local connection or over RDP? The issue they're trying to point out seems to be that while it'll stop working for local sessions, RDP sessions will continue to accept the old password
As far as I can tell, this applies after reconnecting to the domain controller and being able to pull new credentials. It's not 100% clear in the article, but:
Old credentials continue working for RDP—even from brand-new machines.
Even after users change their account password, however, it remains valid for RDP logins indefinitely. In some cases, Wade reported, multiple older passwords will work while newer ones won’t. The result: persistent RDP access that bypasses cloud verification, multifactor authentication, and Conditional Access policies.
While the password change prevents the adversary from logging in to the Microsoft or Azure account, the old password will give an adversary access to the user’s machine through RDP indefinitely.
However:
The mechanism that makes all of this possible is credential caching on the hard drive of the local machine. The first time a user logs in using Microsoft or Azure account credentials, RDP will confirm the password's validity online. Windows then stores the credential in a cryptographically secured format on the local machine. From then on, Windows will validate any password entered during an RDP login by comparing it against the locally stored credential, with no online lookup. With that, the revoked password will still give remote access through RDP.
Which makes it sound like it has to be logged in successfully first, directly contradicting the first quote.
Either way, it does appear to be an issue that an online device will accept expired passwords before it will pull new credentials from the inter/intranet.
Entrapta is not with the horde, she's with science!