Article ID: 193361 - View products that this article applies to.
This article was previously published under Q193361
A previous user's old password is visible to a third-party Gina.dll file because the Microsoft Msgina.dll file does not reset the old password flag and the old password string.
When a user changes his or her password because of the "Password Expiration" or "User Must Change Password During Next Logon" policy during the logon process, MSGINA keeps a flag indicating that the password has changed and stores the old password. When the next user logs on, this flag is not reset and the previous user's old password is stored, even though the new logged on user did not change his or her password.
To resolve this problem, obtain the latest service pack for Windows NT 4.0 or Windows NT Server 4.0, Terminal Server Edition or the individual software update. For information on obtaining the latest service pack, please go to:
Microsoft has confirmed that this is a problem in Windows NT 4.0. This problem was first corrected in Windows NT 4.0 Service Pack 5 and Windows NT Server 4.0, Terminal Server Edition Service Pack 5.