■■■■□ Windows 11 password write in plain text.
Finally had a moment to test Winlogon password leaking (a.k.a. notifying) on Windows 11. No big surprise.
And the flow is:
-user enters password
-winlogon loads mpnotify.exe
-mpnotify opens RPC channel
-winlogon sends pass via RPC
-mpnotify forwards to DLL
-DLL stores it on disk pic.twitter.com/502qCao1BH
— Grzegorz Tworek (@0gtweet) November 29, 2021