User Passwords Stored in Active Directory #27
Description
There are X users who have their passwords stored in active directory. These accounts were verified to have these passwords still active and the accounts are enabled. This is usually the result of an application creating a user in Active Directory programmatically using direct LDAP queries. It is recommended these accounts be investigated to see if they are still in use and if the passwords can be changed. The effect is that any user in the domain can query LDAP for these passwords in clear text.