cfdb icon indicating copy to clipboard operation
cfdb copied to clipboard

Published 20 hours ago verified publisher icon mubix

User Passwords Stored in Active Directory

Open mubix opened this issue 5 years ago • 1 comments

There are X users who have their passwords stored in active directory. These accounts were verified to have these passwords still active and the accounts are enabled. This is usually the result of an application creating a user in Active Directory programmatically using direct LDAP queries. It is recommended these accounts be investigated to see if they are still in use and if the passwords can be changed. The effect is that any user in the domain can query LDAP for these passwords in clear text.

mubix avatar Nov 05 '19 21:11 mubix

How to detect this finding using BloodHound data and Neo4j:

MATCH (u:User) WHERE u.userpassword IS NOT NULL RETURN u

mubix avatar Nov 05 '19 21:11 mubix