H3-2022-0085¶

Credential Reuse - Shared Windows Local User and Domain User Accounts

Description¶

A local user credential from a Windows machine was re-used to access Active Directory as a domain user.

Impact¶

An attacker can exploit this weakness to pivot from a single machine to accessing the Windows domain, opening up attack paths against Active Directory that could be used to compromise the entire domain.

References¶

• NIST Password Guidelines
• MITRE ATT&CK Technique: T1078.002: Valid Accounts: Domain Accounts
• MITRE ATT&CK Technique: T1078.003: Valid Accounts: Local Accounts