Lateral movement

Group Policy Preferences with cpassword

Risk Level

Hazardous (3)

Platform(s)
  • N/A

Description

We have found Group Policy Preferences file '{CpasswordFile}' with cpassword for {CpasswordFile.Cpasswords}. A cpassword is used for setting passwords from the Group Policy Preferences. Cpasswords are encrypted using a weak encryption algorithm, which can be easily decrypted and used for lateral movement
  • Recommended Mitigation

    Remove the cpassword from the policy file