Hosting Provided By

Password storage - Reversible encryption in AD.

From: Douglas E Baldwin <Douglas.Baldwin(at)ipaper.com>
Date: Fri Jan 24 2003 - 14:46:38 EST

We have come across an application that is requiring passwords be stored in Active Directory using reversible encryption (in the Active Directory sense, not cyptographic). The documentation seems to be saying this is basically clear text. However, we haven't been able to pull any passwords off our test environment.

If someone has experience with a similar setup, any help on where and how the passwords are actually stored, and the ease or method of actually pulling them off is very much appreciated. Also, if this isnt the best forum for this issue, any help in pointing me in the right direction is also appreciated.

Thanks in advance for your help,
Doug

This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/ Received on Fri Jan 24 19:31:39 2003

This message: [ Message body ]
Next message: Pete Herzog: ""How To" OSSTMM 2.5 - Penetration Testing Methodology"
Previous message: marjan.rajabi(at)farmersinsurance.com: "Re: Risk/Threat Assessments for Utility specific software/hardware"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:31 EDT