Description

Active Directory can store a user's password with reversible encryption so that legacy applications that need the clear-text password can function. Because a reversibly encrypted password is equivalent to a clear-text password for anyone who can read it, you should disable this feature.

Solution

Accounts whose passwords are stored in a reversible format in Active Directory are typically legacy service accounts, which you should consider deleting. Where an account must be kept, clear the setting and reset its password, since the reversibly encrypted value remains stored until the password is changed.
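The following PowerShell is an added example, not part of this indicator or its vendor's tooling, showing how an administrator can list the accounts and policies behind this finding and review the remediation before applying it. It assumes the RSAT ActiveDirectory module and read access to the domain; the `-WhatIf` switch is an assumption of how you would dry-run the change.

```powershell
# Added example: find where reversible password storage is enabled in the domain.
# Assumes the RSAT ActiveDirectory module (Get-ADUser, Get-ADDefaultDomainPasswordPolicy,
# Get-ADFineGrainedPasswordPolicy, Set-ADUser) is available.
Import-Module ActiveDirectory

# userAccountControl bit 0x80 = ENCRYPTED_TEXT_PWD_ALLOWED (the per-account setting).
# 1.2.840.113556.1.4.803 is the LDAP bitwise-AND matching rule.
$ReversibleFlag = 0x80
$ldapFilter     = "(userAccountControl:1.2.840.113556.1.4.803:=$ReversibleFlag)"

$affected = Get-ADUser -LDAPFilter $ldapFilter `
    -Properties userAccountControl, lastLogonTimestamp, servicePrincipalName, whenCreated |
  Select-Object SamAccountName, Enabled, whenCreated,
    @{ n = 'HasSPN';    e = { [bool]$_.servicePrincipalName } },
    @{ n = 'LastLogon'; e = { if ($_.lastLogonTimestamp) {
                                  [DateTime]::FromFileTime($_.lastLogonTimestamp) } } }

Write-Host "Accounts with ENCRYPTED_TEXT_PWD_ALLOWED set: $($affected.Count)"
$affected | Sort-Object LastLogon | Format-Table -AutoSize

# The setting can also come from policy rather than the account itself.
$domainPolicy = Get-ADDefaultDomainPasswordPolicy
Write-Host "Default Domain Policy ReversibleEncryptionEnabled: $($domainPolicy.ReversibleEncryptionEnabled)"

$fgpp = Get-ADFineGrainedPasswordPolicy -Filter 'ReversibleEncryptionEnabled -eq $true' |
  Select-Object Name, Precedence, AppliesTo
if ($fgpp) {
    Write-Host "Fine-grained password policies that enable reversible encryption:"
    $fgpp | Format-Table -AutoSize
}

# Remediation, dry run: clear the flag on each account. Drop -WhatIf once the
# account owner has confirmed the legacy application no longer needs it.
# Clearing the flag does not remove the stored reversible value; the password
# must be changed afterwards (Set-ADAccountPassword -Reset) for it to go away.
foreach ($u in $affected) {
    Set-ADUser -Identity $u.SamAccountName -AllowReversiblePasswordEncryption $false -WhatIf
}
```

Accounts with no recent logon and no service principal name are the usual candidates for deletion rather than remediation.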

See Also

Store password using reversible encryption for all users in the domain

Store passwords using reversible encryption

[MS-SAMR]: Security Account Manager (SAM) Remote Protocol (Client-to-Server)

Indicator Details

Name: Reversible Passwords

Codename: C-USERS-REVER-PWDS

Severity: Medium

MITRE ATT&CK Information: