A flaw exists in the Windows login flow where an AuthContext token can be exploited for replay attacks and authentication bypass.