Windows RunAs Password Length Vulnerability

January 26, 2009 – 6:20 PM

The ‘RunAs’ application included with Microsoft Windows is prone to a local information-disclosure vulnerability that may reveal information about password lengths.

A local attacker may exploit this issue to gain information about user passwords. This may aid in further attacks, such as brute-force or dictionary attacks against passwords.

An attacker requires local, interactive access to exploit this issue.


You must be logged in to post a comment.