BitLocker Lockscreen Bypass

rdpintqogeogsaa | 571 points

Reminds me of this classic Windows 98 (I believe) login screen bypass. https://i.imgur.com/rG0p0b2.gif

sanqui | 3 years ago

Microsoft's fix seems to have only fixed the sticky-keys dialog [1], apparently by just removing the link to the settings when you are in a lockscreen. So if you manage to find another way to launch the settings from a lockscreen everything else should still work as described.

1: https://msrc.microsoft.com/update-guide/en-us/vulnerability/...

wongarsu | 3 years ago

Related: yesterday's post by jwz, "I told you so, 2021 edition" [1], which discusses security bypass in Linux screensavers.

[1] https://news.ycombinator.com/item?id=25801693

dexen | 3 years ago

I really wish there was video of the entire process start to finish.

This part in particular seems like it would be incredibly amusing right before the account gets added;

> It is easy to see when the loop is running because the Narrator will move its focus box and say “access denied” every second.

This truly is Hollywood style hacking made real.

zaroth | 3 years ago

Accessibility features are a great source of security vulnerabilities. I rely on them myself, and have personally found or witnessed quite a few.

miki123211 | 3 years ago

This is not a BitLocker bypass. It's a Windows login screen bypass. The BitLocker login is before Windows ever boots. This describes a system where the user has ALREADY bypassed the BitLocker login and has advanced on to the Windows login screen.

bixxyyy | 3 years ago

What does this have to do with BitLocker?

EDIT: I get it now, it plays a small part in the exploit chain because it doesn't correctly verify what it sets permissions on when automounting USB drives.

Jon_Lowtek | 3 years ago

BTW: You can disable the "I forgot my password" thing completely on the login screen by setting this registry key to 0:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\NgcPin

fundatus | 3 years ago

I wonder if this was left on purpose for law enforcement or corporate spies and if there are more vulnerabilities like this. Seems like it's better to just stay with good old TC.

varispeed | 3 years ago

Excellent example of why one should attempt to limit attack surface.

SiebenHeaven | 3 years ago

When I realised I had forgotten the BitLocker password on an old Windows disk I did not throw it away, but kept it, knowing this day would come.

angry_octet | 3 years ago

Reminds me of how hard it is to write a screensaver by jwz https://www.jwz.org/blog/2015/04/i-told-you-so-again/ (and follow the links)

jefffoster | 3 years ago

There are so many gotchas in computer security. Isn't there a way to verify that a simple algorithm can have only prespecified valid final states (aka {authenticated && allowed login}, {not authenticated && disallowed login})?

whatever1 | 3 years ago

I have only encountered BitLocker on military computers. There BitLocker login occurs before Windows boots, like at the BIOS key entry, and has no options for forgot password.

austincheney | 3 years ago

I thought this was supposed to encrypt the drive? How can you bypass the lockscreen without having the password? Is the encryption theater?

lrossi | 3 years ago

> If the application has a manifest, then any .local files are ignored.

I suppose this does not hold true for the .local folder named that, apparently? I had not seen it documented before that it looks in that specially crafted dll subfolder (presumably using information from the manifest) to load a dll that is specified in one.

adzm | 3 years ago

Perfect use-case for Narrator ;-)

resynth1943 | 3 years ago

This probably means governments, hackers, etc. know many other bypasses.

paulpauper | 3 years ago

This is not the BitLocker BIOS PIN entry lock screen. That's what I was imagining from the title.

TACIXAT | 3 years ago

Who leaves sticky keys on?

arkanciscan | 3 years ago
