Solved

Can login as any user without password

Posted on 2006-07-19
5
201 Views
Last Modified: 2013-12-04
Hey guys & gals,

Heres the issue. My company provided a software app to client. At this point they've noticed that as long as you know an employers user id then you can logon to there system (WITHOUT A PASSWORD); & if you enter a password it has to be the correct one of course for that user. Is this issue Active Directory or is this something else? Assistance would be appreciated.
0
Comment
Question by:Gizneek
5 Comments
 
LVL 12

Expert Comment

by:gidds99
ID: 17140789
You say this is a software app.  Does this application use active directory for authentication?

You need to provide much more information about the application and the environment for anyone to help.
0
 
LVL 1

Author Comment

by:Gizneek
ID: 17140923
the app is using Active Directory for authentication. Its a medical scripting program for evaluations. So it is a Hospital Environment.
0
 
LVL 16

Accepted Solution

by:
mdiglio earned 500 total points
ID: 17141353
Hello,
As a test can you login to this application using a username and leaving the password blank.

Then check your domain controller security event viewer to see if there was a login from that user at that time.
Try it with a username that is not currently logged in so we do not get any conflicting reports
If you are not auditing logins let us know

I'm hoping that it won't show the user in the event viewer; it sounds like an aplpication problem.
0
 
LVL 32

Expert Comment

by:r-k
ID: 17142256
Can you clarify a bit. Are you talking about the Windows log-in, or a separate log-in to use the application?
0
 
LVL 12

Expert Comment

by:gidds99
ID: 17152002
I would agree with mdiglio that the event logs on the AD domain controller should allow you to determine whether the application is actually authenticating against AD (or not).

However, as r-k mentions it would also be helpful to have some more information about the application. Which type of application is it (web based, etc)? and please describe the authentication process in some detail.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is a guide to the following problem (not exclusive but here) on Windows: Users need our support and we supporters often use global administrative accounts to do this. Using these accounts safely is a real challenge. Any admin who takes se…
SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.
This is a video that shows how the OnPage alerts system integrates into ConnectWise, how a trigger is set, how a page is sent via the trigger, and how the SENT, DELIVERED, READ & REPLIED receipts get entered into the internal tab of the ConnectWise …

930 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now