Solved

Can login as any user without password

Posted on 2006-07-19
5
205 Views
Last Modified: 2013-12-04
Hey guys & gals,

Heres the issue. My company provided a software app to client. At this point they've noticed that as long as you know an employers user id then you can logon to there system (WITHOUT A PASSWORD); & if you enter a password it has to be the correct one of course for that user. Is this issue Active Directory or is this something else? Assistance would be appreciated.
0
Comment
Question by:Gizneek
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 12

Expert Comment

by:gidds99
ID: 17140789
You say this is a software app.  Does this application use active directory for authentication?

You need to provide much more information about the application and the environment for anyone to help.
0
 
LVL 1

Author Comment

by:Gizneek
ID: 17140923
the app is using Active Directory for authentication. Its a medical scripting program for evaluations. So it is a Hospital Environment.
0
 
LVL 16

Accepted Solution

by:
mdiglio earned 500 total points
ID: 17141353
Hello,
As a test can you login to this application using a username and leaving the password blank.

Then check your domain controller security event viewer to see if there was a login from that user at that time.
Try it with a username that is not currently logged in so we do not get any conflicting reports
If you are not auditing logins let us know

I'm hoping that it won't show the user in the event viewer; it sounds like an aplpication problem.
0
 
LVL 32

Expert Comment

by:r-k
ID: 17142256
Can you clarify a bit. Are you talking about the Windows log-in, or a separate log-in to use the application?
0
 
LVL 12

Expert Comment

by:gidds99
ID: 17152002
I would agree with mdiglio that the event logs on the AD domain controller should allow you to determine whether the application is actually authenticating against AD (or not).

However, as r-k mentions it would also be helpful to have some more information about the application. Which type of application is it (web based, etc)? and please describe the authentication process in some detail.
0

Featured Post

Major Incident Management Communications

Major incidents and IT service outages cost companies millions. Often the solution to minimizing damage is automated communication. Find out more in our Major Incident Management Communications infographic.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
Come and listen to Percona CEO Peter Zaitsev discuss what’s new in Percona open source software, including Percona Server for MySQL (https://www.percona.com/software/mysql-database/percona-server) and MongoDB (https://www.percona.com/software/mongo-…
In this video, viewers are given an introduction to using the Windows 10 Snipping Tool, how to quickly locate it when it's needed and also how make it always available with a single click of a mouse button, by pinning it to the Desktop Task Bar. Int…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question