"It’s Not a Bug, It’s a Feature": Microsoft’s RDP Caching Nightmare

Security researcher Daniel Wade has discovered that old Microsoft passwords continue to work for RDP access even after they have been changed. This behavior is due to the local caching of encrypted credentials during the first RDP authentication. Microsoft considers this behavior to be an intentional feature to ensure offline access, without offering a fix.