專案資訊 #1065: Cleartext Passwords Stored in Domain Attributes - 01_外部專案 - MIS部門作業管理平台

動作

複製連結

專案資訊 #1065

進行中

專案資訊 #1064: 2025-PenTest

Cleartext Passwords Stored in Domain Attributes

是由 Joy Liao 於 3 個月前加入. 於 2 個月前更新.

狀態:

Resolved-解决

優先權:

High

被分派者:

益利周

分類:

開始日期:

2025-08-01

完成日期:

2025-12-31 (逾期 25 天)

完成百分比:

100%

預估工時:

概述

NNN bookmark20250526222819601367469548 "Cleartext Passwords Stored in Domain Attributes

Several users, including domain admins, store their passwords in cleartext in domain attributes.

" "Attackers getting access to the domain could potentially find the cleartext passwords and perform user impersonation or privilege escalation easily.

Although specific tools are required to read the domain attributes, a pertinent tool is readily available in a network share that is accessible to all domain users.

" "Avoid storing passwords in domain attributes.

Regularly audit domain attributes for any stored passwords or sensitive information.

" "Status: Open

CVSS-Score: 9.0

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Fix Difficulty: Quick Win

" "tahoho.com.tw
Attributes: info, scriptPath"

檔案

下載所有檔案

clipboard-202511121400-qb9lr.png (141 KB) clipboard-202511121400-qb9lr.png		益利周, 2025-11-12 14:00
clipboard-202511121400-m2mvt.png (136 KB) clipboard-202511121400-m2mvt.png		益利周, 2025-11-12 14:00
clipboard-202511121402-ygxdf.png (37.9 KB) clipboard-202511121402-ygxdf.png		益利周, 2025-11-12 14:02
clipboard-202511121403-urzvw.png (124 KB) clipboard-202511121403-urzvw.png		益利周, 2025-11-12 14:03

動作

複製連結

匯出至 Atom PDF

專案

一般

配置概況

(07)專案管理 » 01_外部專案

自訂查詢