Penetration Testing mailing list archives
Password storage - Reversible encryption in AD.
From: "Douglas E Baldwin" <Douglas.Baldwin () ipaper com>
Date: Fri, 24 Jan 2003 13:46:38 -0600
We have come across an application that is requiring passwords be stored in Active Directory using reversible encryption (in the Active Directory sense, not cyptographic). The documentation seems to be saying this is basically clear text. However, we haven't been able to pull any passwords off our test environment. If someone has experience with a similar setup, any help on where and how the passwords are actually stored, and the ease or method of actually pulling them off is very much appreciated. Also, if this isnt the best forum for this issue, any help in pointing me in the right direction is also appreciated. Thanks in advance for your help, Doug ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Password storage - Reversible encryption in AD. Douglas E Baldwin (Jan 24)