Password exposure by PACLI LOGON method - password is sent in clear text

Open InconstantRO opened this issue 2 years ago • 0 comments

There is a security issue when using a password to log on. The password is sent in clear text. The process command line looks like this: PACLI.exe LOGON PASSWORD=<YourPassword>...

The password can be captured and logged in clear text using different methods:

  • By enabling Process monitoring and command line auditing in Group Policies.
  • By installing the Sysmon agent (from Sysinternals).
  • By manually querying currently running processes and inspecting process properties.

Workaround: use a logon file (can be created via the CreateCred utility). Also, it is recommended to use an option to auto-rotate the password.

I would suggest adding a warning when the password logon method is used, to warn the user that it is not secure.

InconstantRO, Jan 19 '23 11:01
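
An audit check for the exposure described in this issue, as an added example that is not part of the original issue or of PoShPACLI: it scans process command-line strings (for example from Sysmon Event ID 1 or Security event 4688 records) for PACLI LOGON calls that carry PASSWORD=, and redacts the value in its output so the finding can be shared. The function name, the sample command lines, and the VAULT, USER and LOGONFILE parameters in them are assumptions constructed for illustration.

```powershell
# Added example (not PoShPACLI code): find PACLI LOGON command lines that
# carry PASSWORD= and redact the secret before anything is written out.
function Find-PacliPasswordLogon {    # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [AllowEmptyString()]
        [string]$CommandLine
    )
    begin {
        # PACLI or PACLI.exe (optionally quoted, with a path) followed by LOGON.
        $isLogon = '(?i)\bPACLI(\.exe)?"?\s+LOGON\b'
        # PASSWORD= with a quoted or bare value; \b keeps names that merely
        # end in PASSWORD from matching.
        $secret  = '(?i)\bPASSWORD\s*=\s*("[^"]*"|\S+)'
    }
    process {
        # Both conditions must hold: a LOGON call and an inline password.
        if ($CommandLine -match $isLogon -and $CommandLine -match $secret) {
            [pscustomobject]@{
                Finding     = 'PACLI password logon on command line'
                CommandLine = $CommandLine -replace $secret, 'PASSWORD=<redacted>'
            }
        }
    }
}

# Constructed sample command lines, as they would appear in process-creation
# logs. None of the values are real.
$samples = @(
    'PACLI.exe LOGON VAULT="Lab" USER="svc_demo" PASSWORD="Example-Only-1"'
    '"C:\Tools\PACLI.exe" LOGON USER=svc_demo PASSWORD=Example-Only-2'
    'PACLI.exe LOGON VAULT="Lab" USER="svc_demo" LOGONFILE="C:\Tools\demo.cred"'
    'notepad.exe C:\notes\PASSWORD=reminder.txt'
)

# Only the first two samples are reported; the logon-file call and the
# unrelated process are ignored.
$samples | Find-PacliPasswordLogon | Format-List
```

Any host or script that shows up in the results is a candidate for moving to the logon-file workaround, and the password it exposed should be rotated.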