Windows 8 Picture/PIN password glitch discovered

Picture and PIN passwords saved in Windows 8 pre-release version can be accessed by any user with admin rights, according to a security vendor.

A vulnerability with the preview version of Microsoft’s Windows 8 operating system (OS), where it saves a log on password in plain text and allows any user with admin rights to see the password details, has been discovered by a password security vendor.

According to a blog post by a Passcape Software administrator, Picture password and PIN are new sign-in authentication methods in the developer preview of Windows 8 which are designed to avoid the problem of forgotten passwords.

However, the blog urges users to use the authentication methods with caution because the user must first create a Windows 8 acccount with a regular password before switching to PIN or Picture password authentication.

“If a [Windows 8] account is configured for authentication using Picture password or PIN, your original plain-text password is stored in the system, and any user with the administrator privileges can gain access to it,” read the blog post.

Microsoft Australia has been contacted for a response by Computerworld Australia.

Windows 8 is set to go on sale on October 26 this month.

Follow Hamish Barwick on Twitter: @HamishBarwick

Follow Computerworld Australia on Twitter: @ComputerworldAU, or take part in the Computerworld conversation on LinkedIn: Computerworld Australia

Comments

Comments are now closed

Can 'Gundam' fans build a six-story walking robot?

READ THIS ARTICLE
DO NOT SHOW THIS BOX AGAIN [ x ]