Windows RunAs Password Length VulnerabilityJanuary 26, 2009 – 6:20 PM
The ‘RunAs’ application included with Microsoft Windows is prone to a local information-disclosure vulnerability that may reveal information about password lengths.
A local attacker may exploit this issue to gain information about user passwords. This may aid in further attacks, such as brute-force or dictionary attacks against passwords.
An attacker requires local, interactive access to exploit this issue.