Solved

Can login as any user without password

Posted on 2006-07-19
5
204 Views
Last Modified: 2013-12-04
Hey guys & gals,

Heres the issue. My company provided a software app to client. At this point they've noticed that as long as you know an employers user id then you can logon to there system (WITHOUT A PASSWORD); & if you enter a password it has to be the correct one of course for that user. Is this issue Active Directory or is this something else? Assistance would be appreciated.
0
Comment
Question by:Gizneek
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 12

Expert Comment

by:gidds99
ID: 17140789
You say this is a software app.  Does this application use active directory for authentication?

You need to provide much more information about the application and the environment for anyone to help.
0
 
LVL 1

Author Comment

by:Gizneek
ID: 17140923
the app is using Active Directory for authentication. Its a medical scripting program for evaluations. So it is a Hospital Environment.
0
 
LVL 16

Accepted Solution

by:
mdiglio earned 500 total points
ID: 17141353
Hello,
As a test can you login to this application using a username and leaving the password blank.

Then check your domain controller security event viewer to see if there was a login from that user at that time.
Try it with a username that is not currently logged in so we do not get any conflicting reports
If you are not auditing logins let us know

I'm hoping that it won't show the user in the event viewer; it sounds like an aplpication problem.
0
 
LVL 32

Expert Comment

by:r-k
ID: 17142256
Can you clarify a bit. Are you talking about the Windows log-in, or a separate log-in to use the application?
0
 
LVL 12

Expert Comment

by:gidds99
ID: 17152002
I would agree with mdiglio that the event logs on the AD domain controller should allow you to determine whether the application is actually authenticating against AD (or not).

However, as r-k mentions it would also be helpful to have some more information about the application. Which type of application is it (web based, etc)? and please describe the authentication process in some detail.
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, a new law in my state forced us to get a top-to-bottom analysis of all of our contract client's networks. While we have documentation, it was spotty at best for some - and in any event it needed to be checked against reality. That was m…
Users of Windows 10 Professional can disable automatic reboots using the policy editor. This tool is not included in the Windows home edition. But don't worry! Follow the instructions below to install (a Win7) policy editor on your Windows 10 Home e…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question