Blank Password Avoids Change/Uniqueness Protections (102378)



The information in this article applies to:

  • Microsoft Windows NT Server 3.1
  • Microsoft Windows NT Workstation 3.1
  • Microsoft Windows NT Advanced Server 3.1

This article was previously published under Q102378

SYMPTOMS

If the administrator creates a new account but doesn't enter a password, the "User Must Change Password at Next Logon" check box doesn't seem to work: when you next log on, Windows NT asks for a new password but will accept a blank password.

CAUSE

Even when a password history is in effect, you can still change your password from a blank password to a blank password. The password uniqueness setting should not allow this.

Blank passwords are not stored in the password history, so you can change your password to a blank password at any time -- even if you used a blank password more recently than the password uniqueness setting is supposed to allow.

Steps to Reproduce Behavior

  1. Create a new user without entering a password.
  2. Choose User Must Change Password.
  3. Log on as that user. You are asked to enter a new password.
  4. At the prompt to enter a new password, choose OK.
Windows NT responds that the password is successfully changed. In reality, you still have a blank password.
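
The behavior described under CAUSE and the four steps above, as an added Python model that is not Microsoft's code: `Account`, `record_blank` and `reproduce` are hypothetical names, and the history length of 5 is an assumed setting. With `record_blank=False` the blank password is skipped when the history is updated, so the forced change accepts it; with `record_blank=True` the same change is refused.

```python
import hashlib
import os


class Account:
    """Toy model of a password-uniqueness (history) policy; not Windows NT code."""

    def __init__(self, password="", history_len=5, record_blank=False):
        self.history_len = history_len    # assumed number of remembered passwords
        self.record_blank = record_blank  # False models the behavior under CAUSE
        self.must_change = True           # "User Must Change Password at Next Logon"
        self.salt = os.urandom(16)
        self.history = []                 # newest first, digests only
        self.current = self._digest(password)
        self._remember(password)

    def _digest(self, password):
        # Salted, iterated digest so the model never keeps plaintext.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 1000)

    def _remember(self, password):
        if password == "" and not self.record_blank:
            return  # the flaw: a blank password never enters the history
        self.history = ([self._digest(password)] + self.history)[: self.history_len]

    def change_password(self, new_password):
        """Return True if the change is accepted under the uniqueness policy."""
        if self._digest(new_password) in self.history:
            return False  # reused within the remembered window
        self.current = self._digest(new_password)
        self._remember(new_password)
        self.must_change = False
        return True

    def has_blank_password(self):
        return self.current == self._digest("")


def reproduce(record_blank):
    """Steps 1-4 above: create with no password, force a change, submit blank."""
    acct = Account(password="", record_blank=record_blank)
    accepted = acct.change_password("")
    return accepted, acct.must_change, acct.has_blank_password()
```

`reproduce(False)` returns `(True, False, True)`: the change is reported as successful, the must-change flag is cleared, and the password is still blank.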

Modification Type: Major
Last Reviewed: 11/20/2003
Keywords: kbother KB102378