Password change prompt can be bypassed
Posted by on 01 September 2011 01:53 PM

When a new password policy synchronizes to a device, the user will be prompted for a new password, but will also see "Cancel" and "Continue" buttons if viewing the screen in portrait mode.  This allows the user to bypass the password change requirement.  Pressing the "Back" button also provides a way to circumvent the password change requirement.
This is an issue on 2.2 OS devices.  The system lets you cancel or back out of a password change prompt and the app cannot prevent it, however, email synchronization may be discontinued until the password is changed.

This issue has been observed on:

-Samsung Galaxy Ace 3, Galaxy Captivate, Galaxy Grand, Galaxy Nexus, Galaxy Note II, Galaxy S, Galaxy S II Skyrocket, Galaxy S II LTE, Galaxy Tab, Galaxy Tab 10.1, Galaxy S II Epic 4G Touch, Galaxy S III mini, Infuse, and Nexus 10
-LG Enact, Enlighten, G2, G3 Vigor, Intuition, Optimus 3D, Optimus G Pro, Spectrum, Thrill 4G, and Viper 4G LTE
-HTC Desire X, First, Incredible 4G LTE, One max, One S, One SV, One X+, Status and Vivid
-Motorola Droid RAZR HD, Droid Ultra
-Pantech Breakout
-Huawei 858 Smart
-Fujitsu F-12C Globetrotter
-Amazon Kindle Fire HD

B2748