Compromising Plain Text Passwords in Active Directory
A lot of attention gets paid to preventing pass-the-hash and pass-the-ticket attacks, but imagine what an attacker could do with the actual passwords of privileged user accounts rather than just the hashes. Pass-the-hash gives attackers access to what can be performed from a command line, but plain text passwords give an attacker unlimited access to an account. This may include access to web applications, VPN, and email. If you need a primer on the difference between plain text passwords and…