We noticed the behaviour when a user password had expired. The user was still able to log on using SNC and change the password after logon. As we were a little bit intrigued by our finding we tried to lock the user with too many wrong passwords and after the user was locked, the user could still logon with through SNC.
After seeing Björn Brenchers demo of the RFC hack at TechEd recently I thought that if the Secure Login client is using the RFC gateway to connect the GUI with the server using SNC, then there must be implications also for the secure configuration of the RFC gateway, when Secure Login is used in the organisation, but maybe not?
Best regards,
Anders