Kevin Gay wrote:
> Turn on password length of 6 and see who complains :P, that is if there
> is some ethical problem with cracking the sam file, but I do have to
> question why its not set to begin with.
The problem with this method is that the password length check does not
happen unless they change their passwords. So unless you are suggesting
to set password length to at least 6 characters and set all the accounts
to change password at next logon (impractical) This will not work.
>> -----Original Message-----
>> From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]]
>> On Behalf Of igor.mamuzic (at) koncar-inem (dot) hr [email concealed]
>> Sent: Monday, April 02, 2007 11:43 AM
>> To: focus-ms (at) securityfocus (dot) com [email concealed]
>> Subject: Discovering Active Direcory users with blank passwords
>>
>> Is there a way to discover Active Directory users with blank passwords
>> if I have domain admin privileges and local access to my domain
>> controllers?
>>
> Turn on password length of 6 and see who complains :P, that is if there
> is some ethical problem with cracking the sam file, but I do have to
> question why its not set to begin with.
The problem with this method is that the password length check does not
happen unless they change their passwords. So unless you are suggesting
to set password length to at least 6 characters and set all the accounts
to change password at next logon (impractical) This will not work.
>> -----Original Message-----
>> From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]]
>> On Behalf Of igor.mamuzic (at) koncar-inem (dot) hr [email concealed]
>> Sent: Monday, April 02, 2007 11:43 AM
>> To: focus-ms (at) securityfocus (dot) com [email concealed]
>> Subject: Discovering Active Direcory users with blank passwords
>>
>> Is there a way to discover Active Directory users with blank passwords
>> if I have domain admin privileges and local access to my domain
>> controllers?
>>
--
Raoul Armfield
rarmfield at amnh dot org
[ reply ]