I'm very surprised to find that there (still 3 years later) isn't even a measure of control over removal of these credentials. There should be an option to clear credentials on disconnect as well as a setting to clear all credentials globally after a certain period of time.
I understand that the engineer can prompt for credentials again and then store blank credentials before disconnecting. However, that is a grossly inadequate method of handling a potential security hole.
To be clear, I have the resulting problem frequently - CAPS lock falsely stated as being on/enabled when using SC to connect to remote systems. However, CAPS lock was/never is enabled on my machine or the target machine I'm connecting to.
Unfortunately, this has been happening for as long as I can remember. It definitely goes back to the 5.x version. The target host would claim CAPS Lock is on (Windows login or other application login boxes) when in fact it is not enabled.
Perhaps coincidence, but I've only ever seen it falsely state CAPS Lock is on. I've not come across it acting as if CAPS Lock is off when it is in fact on. Again, this may be coincidence since I pretty much never use CAPS Lock.
It's happened for so long and happens so frequently I automatically ignore CAPS Lock warnings whenever using SC. I'd love to see this fixed!
Connecting from Windows 10 (Don't recall if I was running Windows 7 on my management PC at the time we started using SC)
Connecting to Windows 7, 8, 10, Server 2008/R2, Server 2012/R2, Server 2016
Customer support service by UserEcho