Password storage - Reversible encryption in AD.

From: Douglas E Baldwin (Douglas.Baldwin@ipaper.com)
Date: 01/24/03

    To: Pen-test@securityfocus.com
    From: "Douglas E Baldwin" <Douglas.Baldwin@ipaper.com>
    Date: Fri, 24 Jan 2003 13:46:38 -0600
    
    

    We have come across an application that is requiring passwords be stored in
    Active Directory using reversible encryption (in the Active Directory
    sense, not cryptographic). The documentation seems to be saying this is
    basically clear text. However, we haven't been able to pull any passwords
    off our test environment.

    If someone has experience with a similar setup, any help on where and how
    the passwords are actually stored, and the ease or method of actually
    pulling them off is very much appreciated. Also, if this isn't the best
    forum for this issue, any help in pointing me in the right direction is
    also appreciated.

    Thanks in advance for your help,
    Doug
