Two admins and a security hole

If you’re like me and you trust your wife to be the other admin on your desktop PC running Windows, you may have a serious security hole. I didn’t realize until recently, but if you’re logged in to Windows 7, or Windows Vista for that matter, and you’re an administrator, you get to change all users’ passwords, including the passwords of other admins, without exception.

Now, if you try to change the password for your own account, you have to enter the old password before you can change it into a new one. But here’s the thing: for other users, even admins, there’s no such requirement. Of course it makes sense that you don’t have to enter their old password, how would you even know? But it doesn’t require you to enter your own either.
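
One way to check after the fact whether one account has reset another account's password, as an added example that is not part of the original post. Windows records a reset (no old password supplied) as Security event 4724, separate from event 4723 for a user changing their own password. The script assumes success auditing for "User Account Management" is enabled and that it runs from an elevated PowerShell prompt.

```powershell
# Added example: list password resets performed by one account on another.
# Assumption: the Security log still holds the relevant period and
# "Audit User Account Management" (Success) is turned on.

# @(...) keeps the result an empty array when no matching events exist.
$events = @(Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4724 } `
                         -ErrorAction SilentlyContinue)

$resets = foreach ($evt in $events) {
    # Read the named event fields from the XML form of the record.
    $xml  = [xml]$evt.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    # Subject = account that performed the reset, Target = account whose
    # password was replaced. Keep only resets made on someone else's account.
    if ($data['SubjectUserSid'] -ne $data['TargetSid']) {
        New-Object PSObject -Property @{
            Time    = $evt.TimeCreated
            ResetBy = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
            Target  = '{0}\{1}' -f $data['TargetDomainName'],  $data['TargetUserName']
        }
    }
}

if ($resets) {
    $resets | Sort-Object Time | Format-Table Time, ResetBy, Target -AutoSize
} else {
    Write-Output 'No password resets by another account found in the Security log.'
}
```

Because any administrator can also clear the Security log, an empty result is only meaningful if the log has not been cleared (event 1102) in the period of interest.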