Detections
Analytics
Reversible Passwords in GPO
medium
Language:
Description
While creating local accounts on machines via GPOs using the Group Policy Preferences (GPP) feature, some administrators may unknowingly store passwords in a format that is accessible to attackers. Additionally, configuring computers to bypass password requirements during startup can also result in such security issues.
Solution
GPOs that store reversible passwords are typically legacy settings or autologon features that you should eliminate. These settings expose valid credentials and pose a security risk.
See Also
MS14-025: Vulnerability in Group Policy Preferences could allow elevation of privilege
Indicator Details
Name: Reversible Passwords in GPO
Codename: C-REVER-PWD-GPO
Severity: Medium
- Tactic: TA0001 - Initial Access
- Techniques: T1078 - Valid Accounts
- Tactic: TA0004 - Privilege Escalation
- Techniques: T1078 - Valid Accounts
- Tactic: TA0006 - Credential Access
- Techniques: T1552.006 - Unsecured Credentials