Solved

Can login as any user without password

Posted on 2006-07-19
5
200 Views
Last Modified: 2013-12-04
Hey guys & gals,

Heres the issue. My company provided a software app to client. At this point they've noticed that as long as you know an employers user id then you can logon to there system (WITHOUT A PASSWORD); & if you enter a password it has to be the correct one of course for that user. Is this issue Active Directory or is this something else? Assistance would be appreciated.
0
Comment
Question by:Gizneek
5 Comments
 
LVL 12

Expert Comment

by:gidds99
ID: 17140789
You say this is a software app.  Does this application use active directory for authentication?

You need to provide much more information about the application and the environment for anyone to help.
0
 
LVL 1

Author Comment

by:Gizneek
ID: 17140923
the app is using Active Directory for authentication. Its a medical scripting program for evaluations. So it is a Hospital Environment.
0
 
LVL 16

Accepted Solution

by:
mdiglio earned 500 total points
ID: 17141353
Hello,
As a test can you login to this application using a username and leaving the password blank.

Then check your domain controller security event viewer to see if there was a login from that user at that time.
Try it with a username that is not currently logged in so we do not get any conflicting reports
If you are not auditing logins let us know

I'm hoping that it won't show the user in the event viewer; it sounds like an aplpication problem.
0
 
LVL 32

Expert Comment

by:r-k
ID: 17142256
Can you clarify a bit. Are you talking about the Windows log-in, or a separate log-in to use the application?
0
 
LVL 12

Expert Comment

by:gidds99
ID: 17152002
I would agree with mdiglio that the event logs on the AD domain controller should allow you to determine whether the application is actually authenticating against AD (or not).

However, as r-k mentions it would also be helpful to have some more information about the application. Which type of application is it (web based, etc)? and please describe the authentication process in some detail.
0

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Join & Write a Comment

The term "Bad USB" is a buzz word that is usually used when talking about attacks on computer systems that involve USB devices. In this article, I will show what possibilities modern windows systems (win8.x and win10) offer to fight these attacks wi…
No security measures warrant 100% as a "silver bullet". The truth is we also cannot assume anything but a defensive and vigilance posture. Adopt no trust by default and reveal in assumption. Only assume anonymity or invisibility in the reverse. Safe…
This video discusses moving either the default database or any database to a new volume.
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now