Password Displayed in clear text in Defender Desktop Login
The entered password is displayed in clear text in the wrong field when escaping and re-entering the login prompt when using Defender Desktop Login.
Steps to reproduce:
1. Type in UserID, Password and a incorrect Token response into the 3 fields. This will result in a Passcode Error screen. 2. Delete all login data and press Escape to return to the Ctrl + Alt + Delete to Login screen 3. Click Other User 4. The Password that was used by the previous user is now visible in the UserID field with the exception of the first character which is masked.
Please note also that "Interactive logon: Do not display last user name" is enabled via either the Local Security Policy or by GPO.
Change request CR 6247 has been submitted to the Defender product team for inclusion in the next hotfix release of Defender Desktop Login.