Admins may store sensitive information in AD object attributes to ease their work. However, since any domain user can read these attributes, storing passwords or secret keys there risks credential theft and harm to the infrastructure.
Any user within the organization can read attributes in most AD objects. IT administrators may use certain attributes to store sensitive information such as passwords, keys, and other credentials. To prevent potential exposure of valid credentials, they must avoid storing such sensitive information in object attributes.
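One way to audit for this exposure, as an added example that is not part of the original page or of any product's own detection logic: a Python check over an LDIF export of the directory that reports which objects carry password-like values, without echoing the values. The audited attribute list, the keyword pattern and the sample entries are assumptions constructed for illustration.

```python
import base64
import re

# Assumed audit scope: free-text and legacy password attributes; adjust to your schema.
AUDITED = {"description", "info", "comment", "userpassword", "unixuserpassword"}
ALWAYS_FLAG = {"userpassword", "unixuserpassword"}  # any non-empty value is a finding
# Keyword followed by ':' or '=' and a value, e.g. "pwd: X" or "password=X".
HINT = re.compile(r"(?i)\b(pass(word|wd)?|pwd|secret|key)\b\s*[:=]\s*\S+")

def parse_ldif(text):
    """Yield (dn, attr, value); handles folded lines and base64 ('::') values."""
    unfolded = re.sub(r"\r?\n ", "", text)  # a leading space continues the previous line
    dn = None
    for line in unfolded.splitlines():
        if not line.strip() or line.startswith("#") or ":" not in line:
            continue
        attr, _, rest = line.partition(":")
        if rest.startswith(":"):  # 'attr:: <base64>'
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        if attr.lower() == "dn":
            dn = value
        else:
            yield dn, attr, value

def find_exposed(ldif_text):
    """Return (dn, attribute) pairs to review; the secret itself is never returned."""
    findings = []
    for dn, attr, value in parse_ldif(ldif_text):
        name = attr.lower()
        if name in AUDITED and value and (name in ALWAYS_FLAG or HINT.search(value)):
            findings.append((dn, attr))
    return findings

# Constructed sample export (not real data).
SAMPLE = """dn: CN=svc-backup,OU=Service,DC=example,DC=test
description: Backup account, pwd: Winter2024!

dn: CN=jdoe,OU=Staff,DC=example,DC=test
description: Password reset handled by helpdesk
comment:: cGFzc3dvcmQ9aHVudGVyMg==

dn: CN=kiosk01,OU=Devices,DC=example,DC=test
description: lobby kiosk, local admin pass
 word=Spring-Kiosk1
userPassword: changeme
"""
if __name__ == "__main__":
    print(*find_exposed(SAMPLE), sep="\n")
```

Each reported pair is a candidate for manual review: clear the attribute and rotate any credential that was stored in it.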
BlackHills InfoSec - Gathering secrets with AD Explorer
Name: Potential Clear-Text Password
Codename: C-CLEARTEXT-PASSWORD
Severity: High
Sysinternals: AD Explorer