

However, in a typical identity attack, a compromised local administrator account allows attackers to perform Pass-the-Hash (PtH) attacks and move laterally within the organization, easily compromising more systems. Yet the passwords on these local administrator accounts remain the same, because changing passwords on local accounts is a time-consuming, complex process. When someone leaves the company, we usually change their domain password or disable their account. We know some use well-known passwords like 'Pa$$w0rd' for local administrator accounts, and most of the time this password is a non-complex one as well. This account is usually used as a backdoor by administrators for software installation/uninstallation, to log in when domain authentication is not working, for OS troubleshooting, and so on. In a business, when setting up new servers or computers, administrators most of the time use one common password for the local administrator account.
