Detections
Analytics

Potential Clear-Text Password

high

Language:

Description

Admins may store sensitive information on AD object attributes to ease their work. However, since any domain user can read these attributes, storing passwords or secret keys could risk credentials theft and harm the infrastructure.

Solution

Any user within the organization can read attributes in most AD objects. IT administrators may use certain attributes to store sensitive information such as passwords, keys, and other credentials. To prevent potential exposure of valid credentials, they must avoid storing such sensitive information in object attributes.

See Also

Microsoft - Active Directory User class

BlackHills InfoSec - Gathering secrets with AD Explorer

Microsoft - Active Directory Top class

Indicator Details

Name: Potential Clear-Text Password

Codename: C-CLEARTEXT-PASSWORD

Severity: High

MITRE ATT&CK Information:

Tactics: TA0008, TA0004, TA0006

Techniques: T1078, T1552

Attacker Known Tools

SysInternal: AD Explorer