Deactivated User Accounts Die Hard

Publicated : 22/11/2024   Category : security




New research finds deleted Windows accounts stick around for up to 10 hours and are open to abuse.



Deleted, expired, and locked-out Windows user accounts actually stay alive -- and vulnerable to abuse -- for up to 10 hours after they’ve been disabled, leaving the door open for malicious insider and targeted attacks, according to new research.
The issue is based on design weaknesses in the Kerberos protocol, as well as weaknesses in how Windows handles user account revocation, says Idan Plotnik, CEO of Aorato, which published its findings today.
Kerberos -- the authentication protocol used in Windows and Active Directory -- provides single sign-on for a corporate network: the user authenticates once and then presents a ticket for subsequent access to resources. As a result, disabling a fired or otherwise departed user's account doesn't stop that user from temporarily accessing data and applications in the network. Attackers targeting an organization could use those invisibly active credentials to push further into the targeted network, according to the research.
"This exposes the corporation to attacks. And traditional security measures don't have proper visibility of those attacks," Plotnik says of most logging and SIEM products.
"Backdoor malware can track changes to the Windows Active Directory by querying it," he says. "Malware can sit there for six months and then see that Kelly is not in Active Directory anymore. It can then trigger to start using [that user] account and access resources. Everyone has access to Active Directory, but no one pays attention to it."
Aorato, which sells a directory services application firewall, says there are ways to track abuse of disabled Windows user accounts: tying each ticket to the user account it was issued for; tracking changes in the state of user accounts alongside their activity; and terminating any request by a disabled user account to access a network resource.
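The second of those approaches, correlating account-state changes with later ticket activity, is simple to sketch as detection logic. The following is an added example written for this page, not code from Aorato or the research; it uses the real Windows Security event IDs for account disable (4725), delete (4726), lockout (4740) and Kerberos service-ticket request (4769), but the one-line log format and the events themselves are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Windows Security log event IDs for account revocation and ticket use.
ACCOUNT_DISABLED = 4725
ACCOUNT_DELETED = 4726
ACCOUNT_LOCKED_OUT = 4740
REVOCATION_EVENTS = {ACCOUNT_DISABLED, ACCOUNT_DELETED, ACCOUNT_LOCKED_OUT}
SERVICE_TICKET_REQUESTED = 4769  # an existing TGT being exercised against a service

# Default maximum TGT lifetime in an AD domain: the 10-hour window the article describes.
TGT_LIFETIME = timedelta(hours=10)


@dataclass
class Event:
    when: datetime
    event_id: int
    account: str
    service: str


def parse_line(line: str) -> Event:
    """Parse one constructed log line: '<ISO time> <event id> <account> <service or ->'."""
    when, event_id, account, service = line.split()
    return Event(datetime.fromisoformat(when), int(event_id), account.lower(), service)


def find_zombie_ticket_use(lines: List[str]) -> List[Tuple[str, str, int]]:
    """Return (account, service, minutes since revocation) for every service-ticket
    request an account made after it was disabled, deleted or locked out while its
    old TGT could still be honoured."""
    revoked_at: Dict[str, datetime] = {}
    alerts: List[Tuple[str, str, int]] = []
    for ev in sorted((parse_line(l) for l in lines if l.strip()), key=lambda e: e.when):
        if ev.event_id in REVOCATION_EVENTS:
            revoked_at[ev.account] = ev.when
        elif ev.event_id == SERVICE_TICKET_REQUESTED and ev.account in revoked_at:
            age = ev.when - revoked_at[ev.account]
            if age <= TGT_LIFETIME:  # inside the window where the cached TGT is still valid
                alerts.append((ev.account, ev.service, int(age.total_seconds() // 60)))
    return alerts


# Constructed sample events (not real log data): kelly is disabled at 09:15 and
# keeps obtaining service tickets afterwards; bob is never revoked.
SAMPLE_LOG = """
2024-11-22T08:00:00 4769 kelly cifs/fileserver01
2024-11-22T09:15:00 4725 kelly -
2024-11-22T09:20:00 4769 bob cifs/fileserver01
2024-11-22T09:47:00 4769 kelly cifs/fileserver01
2024-11-22T11:02:00 4769 kelly http/intranet
""".splitlines()

if __name__ == "__main__":
    for account, service, minutes in find_zombie_ticket_use(SAMPLE_LOG):
        print(f"ALERT: revoked account {account} got a ticket for {service} {minutes} min after revocation")
```

Real deployments would read events 4725/4726/4740/4769 from the domain controllers' Security logs rather than a text file; the correlation logic is the same.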
The full report from Aorato is available here.
