That doesn't happen via SetPassword or ChangePassword methods. Your code is doing something else... (like logging them on locally). How are you changing passwords?
Probably either impersonating them with some weird options or calling LogonUser to get a token with the wrong options and then passing that token to the impersonation context.
Did you buy this app? If so it's a POS and get a new one. If not your code is busted, fix it.
Member
70 Points
921 Posts
MVP
Re: Huge security blunder? Bit of a fun too.. :)
Aug 21, 2006 12:47 AM|bdesmond|LINK
Probably either impersonating them with some weird options or calling LogonUser to get a token with the wrong options and then passing that token to the impersonation context.
Did you buy this app? If so it's a POS and get a new one. If not your code is busted, fix it.
Windows Server MVP - Directory Services
http://www.briandesmond.com