mubix
commented
4 years ago How to detect this finding using BloodHound data and Neo4j:
MATCH (u:User) WHERE u.userpassword IS NOT NULL RETURN uOpen mubix opened 4 years ago
mubix
commented
4 years ago How to detect this finding using BloodHound data and Neo4j:
MATCH (u:User) WHERE u.userpassword IS NOT NULL RETURN u
There are X users who have their passwords stored in active directory. These accounts were verified to have these passwords still active and the accounts are enabled. This is usually the result of an application creating a user in Active Directory programmatically using direct LDAP queries. It is recommended these accounts be investigated to see if they are still in use and if the passwords can be changed. The effect is that any user in the domain can query LDAP for these passwords in clear text.