Microsoft KB Archive/274613

= Passfilt.dll Does Not Enforce Minimum Password Length of 6 Characters =

Article ID: 274613

Article Last Modified on 11/1/2006

-

APPLIES TO


 * Microsoft Windows NT Workstation 4.0 Developer Edition
 * Microsoft Windows NT Workstation 4.0 Developer Edition
 * Microsoft Windows NT Workstation 4.0
 * Microsoft Windows NT Workstation 4.0 Developer Edition
 * Microsoft Windows NT Workstation 4.0 Developer Edition
 * Microsoft Windows NT Server 4.0 Enterprise Edition
 * Microsoft Windows NT 4.0 Service Pack 4
 * Microsoft Windows NT 4.0 Service Pack 5
 * Microsoft Windows NT 4.0 Service Pack 6
 * Microsoft Windows NT 4.0 Service Pack 6a
 * Microsoft Windows NT 4.0 Service Pack 3
 * Microsoft Windows NT 4.0 Service Pack 4
 * Microsoft Windows NT 4.0 Service Pack 5
 * Microsoft Windows NT 4.0 Service Pack 6
 * Microsoft Windows NT 4.0 Service Pack 6a

-



This article was previously published under Q274613



SYMPTOMS
Passflt.dll is used by administrators to ensure that strong passwords are being used on the domain. However, Passflt.dll is used in conjunction with the domain policy for password length. If the domain policy allows for a blank password (that is, a zero-length password) and a user changes his or her password to, for example, &quot;Mm1&quot;, the password change succeeds. This occurs because the password length is longer than 0 (zero), an uppercase and a lowercase character was used, and a non-alphabetical character was used as well.



CAUSE
Passflt.dll does not check for a minimum length of 6 characters.



RESOLUTION
Passflt.dll has been modified to check the length of the password.

A supported fix is now available from Microsoft, but it is only intended to correct the problem that is described in this article. Apply it only to computers that are experiencing this specific problem.

To resolve this problem, contact Microsoft Product Support Services to obtain the fix. For a complete list of Microsoft Product Support Services phone numbers and information about support costs, visit the following Microsoft Web site:

http://support.microsoft.com/default.aspx?scid=fh;EN-US;CNTACTMS

NOTE: In special cases, charges that are ordinarily incurred for support calls may be canceled if a Microsoft Support Professional determines that a specific update will resolve your problem. The usual support costs will apply to additional support questions and issues that do not qualify for the specific update in question.

The English version of this fix should have the following file attributes or later:   Date        Time     Version         Size   File name ---  9/27/2000   8:22PM   4.0.1381.7086   8 KB   Passflt.dll



WORKAROUND
To work around this problem, change the domain policy not to allow passwords of less than 6 characters.



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

Additional query words: passflt dll

Keywords: kbbug kbfix kbqfe kbhotfixserver KB274613

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.