Windows 8 Picture/PIN password glitch discovered

Picture and PIN passwords saved in Windows 8 pre-release version can be accessed by any user with admin rights, according to a security vendor.

A vulnerability with the preview version of Microsoft’s Windows 8 operating system (OS), where it saves a log on password in plain text and allows any user with admin rights to see the password details, has been discovered by a password security vendor.

According to a blog post by a Passcape Software administrator, Picture password and PIN are new sign-in authentication methods in the developer preview of Windows 8 which are designed to avoid the problem of forgotten passwords.

However, the blog urges users to use the authentication methods with caution because the user must first create a Windows 8 acccount with a regular password before switching to PIN or Picture password authentication.

“If a [Windows 8] account is configured for authentication using Picture password or PIN, your original plain-text password is stored in the system, and any user with the administrator privileges can gain access to it,” read the blog post.

Microsoft Australia has been contacted for a response by Computerworld Australia.

Windows 8 is set to go on sale on October 26 this month.

Follow Hamish Barwick on Twitter: @HamishBarwick

Follow Computerworld Australia on Twitter: @ComputerworldAU, or take part in the Computerworld conversation on LinkedIn: Computerworld Australia

Join the newsletter!

Error: Please check your email address.
Show Comments