How to mitigate Plaintext Password Extraction
Group Policy Preferences (GPPs) allow administrators to create and manage local accounts on servers and workstations in an Active Directory (AD) domain. Attackers can easily find the encrypted passwords of administrative accounts managed by Group Policy Preferences and decrypt them using the Microsoft-published AES key.
Stealthbits’ products provide a multitude of ways to mitigate Plaintext Password Extraction.
The best protection from Group Policy Preference abuse is to remove any passwords from GPPs.
APPROACH
Identify & Remove GPP Passwords
DESCRIPTION
Report on any Group Policy Preferences that use cPassword fields containing password data that can be decrypted. Remove the dependency on these fields and migrate to a more secure way to accomplish the task of that GPP setting.
PRODUCT: StealthAUDIT
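One way to produce the report described above, as an added example that is not Stealthbits or StealthAUDIT code: the script walks a local copy of a SYSVOL Policies folder and lists every XML element carrying a non-empty cpassword attribute, without outputting or decrypting the stored value. The sample XML, the set of account attribute names and the function names are assumptions constructed for illustration.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

# Constructed sample shaped like a GPP Groups.xml; the cpassword value is a placeholder.
SAMPLE_GROUPS_XML = """<Groups>
  <User name="LocalAdmin" changed="2014-01-01 00:00:00">
    <Properties action="U" userName="LocalAdmin" cpassword="CONSTRUCTED-PLACEHOLDER"/>
  </User>
  <User name="Helpdesk" changed="2014-01-01 00:00:00">
    <Properties action="U" userName="Helpdesk" cpassword=""/>
  </User>
</Groups>"""
# Attributes that may name the affected account (assumed set; extend as needed).
ACCOUNT_ATTRS = ("userName", "accountName", "runAs")

def find_gpp_cpasswords(root):
    """Locate non-empty cpassword attributes under root without reading out their values."""
    findings, unreadable = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".xml"):
                continue
            path = os.path.join(dirpath, name)
            try:
                tree = ET.parse(path)
            except (ET.ParseError, OSError):
                unreadable.append(path)  # flag for manual review instead of skipping silently
                continue
            for elem in tree.iter():
                attrs = {k.lower(): v for k, v in elem.attrib.items()}
                if attrs.get("cpassword", "").strip():
                    account = next((elem.get(a) for a in ACCOUNT_ATTRS if elem.get(a)), None)
                    findings.append({"file": path, "element": elem.tag, "account": account})
    return findings, unreadable

def demo():  # scans a temporary tree standing in for a local copy of a Policies folder
    with tempfile.TemporaryDirectory() as tmp:
        prefs = os.path.join(tmp, "Machine", "Preferences", "Groups")
        os.makedirs(prefs)
        with open(os.path.join(prefs, "Groups.xml"), "w", encoding="utf-8") as fh:
            fh.write(SAMPLE_GROUPS_XML)
        with open(os.path.join(tmp, "broken.xml"), "w", encoding="utf-8") as fh:
            fh.write("<Groups><User>")  # malformed on purpose
        findings, unreadable = find_gpp_cpasswords(tmp)
        return [(os.path.basename(f["file"]), f["account"]) for f in findings], len(unreadable)

if __name__ == "__main__":
    print(demo())
```

Any account that appears in the findings should have its password changed once the setting is removed, since the stored value has to be treated as exposed.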
© 2022 Stealthbits Technologies, Inc.