Lateral movement

Group Policy Preferences with cpassword

Risk Level

Hazardous (3)

Platform(s)

  • N/A

Description

We have found Group Policy Preferences file '{CpasswordFile}' with cpassword for {CpasswordFile.Cpasswords}. A cpassword is used for setting passwords from the Group Policy Preferences. Cpasswords are encrypted using a weak encryption algorithm, which can be easily decrypted and used for lateral movement

  • Recommended Mitigation

    Remove the cpassword from the policy file

Need help?

Get a free Security Risk Assessment. Start today

See Orca in action See Orca in action-> View a 10 minute recorded demo or sign up for a personalized one-on-one walk-through.