A penetration tester was able to gain access to a plaintext file on a user workstation. Upon opening the file, the tester notices some strings of randomly generated text. The tester is able to use these strings to move laterally throughout the network by accessing the fileshare on a web application. Which of the following should the organization do to remediate the issue?
The presence of plaintext strings that can be used to move laterally across the network suggests that passwords or sensitive tokens are stored insecurely. Implementing a password management solution would help mitigate this issue by ensuring that passwords are stored securely and are not exposed in plaintext. Password managers typically use strong encryption to protect stored credentials and provide secure access to them.
Sanitizing user input, rotating keys, and utilizing certificate management address different aspects of security but do not directly resolve the issue of insecure password storage.
Importance of password management: NIST Password Guidelines
Examples of security breaches due to poor password management practices: Forge.
Maurine
2 months agoIlda
3 months agoJestine
3 months agoCarman
2 months agoMindy
2 months agoMyrtie
2 months agoChauncey
3 months agoCarmen
3 months agoGlen
3 months agoTammy
3 months agoTu
3 months agoIzetta
3 months ago