There is a LOT of documentation out there detailing credential exposurese, particularly those detailing the caching in LSASS of password artifacts. I have a specific question wrt RDP and how credentials are exposed during logon and logoff.
Q. When I mstsc /v to a remote server (same or using a set of different credentials) is there any caching of the password locally or remotely. My reading tells me that there will be no source caching (for different credentials) but there will be caching on the target server for the duration of the session and potentially sometime after if I dont log off cleanly. This applies to using a username / password and token based authentication too as this is just getting a hash..
Expert opinions welcome / helpful!