Windows RDP lets you log in using revoked passwords. Microsoft is OK with that.
From the department of head scratches comes this counterintuitive news: Microsoft says it has no plans to change a remote login protocol in Windows that allows people to log in to machines using passwords that have been revoked. Password changes are among the first steps people should take in the event that a password has been leaked or an account has been compromised. People expect that once they've taken this step, none of the devices that relied on the password can be accessed. Not just a bug The Remote Desktop Protocol —the proprietary mechanism built into Windows for allowing a [...]