Solved

Can login as any user without password

Posted on 2006-07-19
5
203 Views
Last Modified: 2013-12-04
Hey guys & gals,

Heres the issue. My company provided a software app to client. At this point they've noticed that as long as you know an employers user id then you can logon to there system (WITHOUT A PASSWORD); & if you enter a password it has to be the correct one of course for that user. Is this issue Active Directory or is this something else? Assistance would be appreciated.
0
Comment
Question by:Gizneek
5 Comments
 
LVL 12

Expert Comment

by:gidds99
ID: 17140789
You say this is a software app.  Does this application use active directory for authentication?

You need to provide much more information about the application and the environment for anyone to help.
0
 
LVL 1

Author Comment

by:Gizneek
ID: 17140923
the app is using Active Directory for authentication. Its a medical scripting program for evaluations. So it is a Hospital Environment.
0
 
LVL 16

Accepted Solution

by:
mdiglio earned 500 total points
ID: 17141353
Hello,
As a test can you login to this application using a username and leaving the password blank.

Then check your domain controller security event viewer to see if there was a login from that user at that time.
Try it with a username that is not currently logged in so we do not get any conflicting reports
If you are not auditing logins let us know

I'm hoping that it won't show the user in the event viewer; it sounds like an aplpication problem.
0
 
LVL 32

Expert Comment

by:r-k
ID: 17142256
Can you clarify a bit. Are you talking about the Windows log-in, or a separate log-in to use the application?
0
 
LVL 12

Expert Comment

by:gidds99
ID: 17152002
I would agree with mdiglio that the event logs on the AD domain controller should allow you to determine whether the application is actually authenticating against AD (or not).

However, as r-k mentions it would also be helpful to have some more information about the application. Which type of application is it (web based, etc)? and please describe the authentication process in some detail.
0

Featured Post

Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Admin File Share Access 9 86
Excel file "Document not saved" 8 130
Can't copy file to system32 folder permissons issue 5 711
Is CCleaner a virus?  Do you use CCleaner? 18 390
No security measures warrant 100% as a "silver bullet". The truth is we also cannot assume anything but a defensive and vigilance posture. Adopt no trust by default and reveal in assumption. Only assume anonymity or invisibility in the reverse. Safe…
Recently, I read that Microsoft has analysed statistics for their security intelligence report. It revealed: still, the clear majority of windows users do their daily work as administrator. An administrative account is a burden, security-wise. My ar…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question