Potential Clear-Text Password



Admins may store sensitive information in AD object attributes to ease their work. However, since any domain user can read these attributes, storing passwords or secret keys there risks credential theft and harm to the infrastructure.


Any user within the organization can read attributes in most AD objects. IT administrators may use certain attributes to store sensitive information such as passwords, keys, and other credentials. To prevent potential exposure of valid credentials, they must avoid storing such sensitive information in object attributes.
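
One way to audit for this exposure, as an added example that is not part of the original page: the script below parses an LDIF export of the directory and flags free-text attributes whose values look like stored credentials, reporting only the object, the attribute and the matched keyword. The attribute list, the keyword pattern and the sample entries are assumptions constructed for illustration.

```python
import base64
import re

# Assumption: free-text attributes to audit; extend to match your own schema.
FREE_TEXT_ATTRS = {"description", "info", "comment"}
# Assumption: keyword heuristic ("pwd=...", "Password: ..."), not a full detector.
SECRET_RE = re.compile(r"\b(pass(?:word|wd)?|pwd|secret|key)\b\s*[:=]\s*(\S+)", re.I)

# Constructed sample export (not real data); the last value is base64-encoded.
SAMPLE_LDIF = """\
dn: CN=svc-backup,OU=Service,DC=example,DC=test
description: Backup service account, pwd=Constructed!Example1 do not
  change

dn: CN=Alice Martin,OU=Staff,DC=example,DC=test
description: Finance, password reset desk is on floor 2

dn: CN=kiosk01,OU=Kiosks,DC=example,DC=test
info:: {b64}
""".format(b64=base64.b64encode(b"Password: Constructed#2").decode())

def parse_ldif(text):
    """Yield one {attribute: [values]} dict per entry (handles folding, base64)."""
    unfolded = re.sub(r"\r?\n ", "", text)  # RFC 2849: newline + one space = fold
    for block in re.split(r"\r?\n\s*\r?\n", unfolded.strip()):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, rest = line.partition(":")
            if rest.startswith(":"):  # "attr:: <base64 value>"
                value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            else:
                value = rest.strip()
            entry.setdefault(attr.lower(), []).append(value)
        if entry:
            yield entry

def find_exposed_secrets(ldif_text):
    """Return sorted (dn, attribute, keyword) findings; values are never echoed."""
    findings = []
    for entry in parse_ldif(ldif_text):
        dn = entry.get("dn", ["<no dn>"])[0]
        for attr in FREE_TEXT_ATTRS.intersection(entry):
            for value in entry[attr]:
                match = SECRET_RE.search(value)
                if match:
                    findings.append((dn, attr, match.group(1).lower()))
    return sorted(findings)
```

Leaving the matched value out of the findings keeps the audit report itself from becoming another place where the credential is stored in clear text.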

See Also

BlackHills InfoSec - Gathering secrets with AD Explorer

Microsoft - Active Directory User class

Microsoft - Active Directory Top class

Indicator Details

Name: Potential Clear-Text Password


Severity: High

MITRE ATT&CK Information:

Tactics: TA0008, TA0004, TA0006

Techniques: T1078

Attacker Known Tools

Sysinternals: AD Explorer