Blank Password Avoids Change/Uniqueness Protections

 Last reviewed: May 8, 1997
Article ID: Q102378
The information in this article applies to:
  • Microsoft Windows NT operating system version 3.1
  • Microsoft Windows NT Advanced Server version 3.1

SYMPTOMS

If the administrator creates a new account but doesn't enter a password, the "User Must Change Password at Next Logon" check box doesn't seem to work: when you next logon, Windows NT asks for a new password but will accept a blank password.

CAUSE

Even when a password history is in effect, you can still change your password from a blank password to a blank password. The password uniqueness setting should not allow this.

Blank passwords are not stored in the password history, so you can change your password to a blank password at any time -- even if you used a blank password more recently than the password uniqueness setting is supposed to allow.

Steps to Reproduce Behavior

  1. Create a new user without entering a password.

  2. Choose User Must Change Password.

  3. Logon as that user. You are asked to enter a new password.

  4. At the prompt to enter a new password, choose OK.

Windows NT responds that the password is successfully changed. In reality, you still have a blank password.

Additional query words: prodnt
Keywords : kbbug3.10 kbother ntsecurity
Version : 3.1
Platform : WINDOWS

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

Last reviewed: May 8, 1997
© 1998 Microsoft Corporation. All rights reserved. Terms of Use.