Plaintext Passwords Stored in Memory
ID: plaintext-passwords-in-memory
Severity: high
Author: princechaddha
Tags: windows,security,credentials,windows-audit
Description
Checks if passwords are stored in memory in plaintext, potentially exposing sensitive information to unauthorized memory access.
YAML Source
id: plaintext-passwords-in-memory

info:
  name: Plaintext Passwords Stored in Memory
  author: princechaddha
  severity: high
  description: Checks if passwords are stored in memory in plaintext, potentially exposing sensitive information to unauthorized memory access.
  impact: |
    Storing passwords in plaintext in memory can expose sensitive credentials to attackers who gain access to memory dumps or can read memory directly, leading to unauthorized access and data breaches.
  remediation: |
    Ensure that all sensitive data, especially passwords, are stored in memory in an encrypted or hashed format to mitigate the risk of exposure.
  tags: windows,security,credentials,windows-audit

self-contained: true

code:
  - pre-condition: |
      IsWindows();
    engine:
      - powershell
      - powershell.exe
    args:
      - -ExecutionPolicy
      - Bypass
    pattern: "*.ps1"
    source: |
      if ((Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest' -Name 'UseLogonCredential' -ErrorAction SilentlyContinue).UseLogonCredential -eq 1) { "Plaintext passwords are stored in memory." }

    matchers:
      - type: word
        words:
          - "Plaintext passwords are stored in memory."
# digest: 4b0a0048304602210096f5a69a7eb5f990f7b6990997bbe801df7482b8883d6e9153360b9ed49d8df80221008946a1d10b3516bfdfd8925376bbbf0a091ac7236f0d6e223bbf5b3de884ed8a:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities
This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "code/windows/audit/plaintext-passwords-in-memory.yaml"
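
The template reports a finding only when UseLogonCredential is explicitly 1. The following PowerShell is an added example, not part of the template or the Nuclei project: it classifies all three cases (1, 0, value absent) and takes the OS version into account. The function names Resolve-WDigestState and Get-WDigestState are hypothetical, the sample inputs are constructed, and the OS-default rule in the first comment is an assumption stated there.

```powershell
# Added example (not the template's code): classify WDigest credential caching.
# Assumption: on Windows 8.1 / Server 2012 R2 (NT 6.3) and later an absent value
# means caching is off; on earlier versions an absent value means it is on.
function Resolve-WDigestState {
    param(
        [AllowNull()][object]$UseLogonCredential,   # registry value, $null if absent
        [Parameter(Mandatory)][version]$OsVersion
    )
    $defaultOff = $OsVersion -ge [version]'6.3'
    if ($null -eq $UseLogonCredential) {
        if ($defaultOff) { return 'Disabled (OS default, value absent)' }
        return 'Enabled (OS default, value absent)'
    }
    switch ([int]$UseLogonCredential) {
        0       { return 'Disabled (explicit 0)' }
        1       { return 'Enabled (explicit 1)' }
        default { return "Unexpected value $UseLogonCredential, review manually" }
    }
}

# Reads the same key and value the template inspects and classifies the local host.
function Get-WDigestState {
    $path = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest'
    $item = Get-ItemProperty -Path $path -Name 'UseLogonCredential' -ErrorAction SilentlyContinue
    $value = if ($item) { $item.UseLogonCredential } else { $null }
    Resolve-WDigestState -UseLogonCredential $value -OsVersion ([Environment]::OSVersion.Version)
    # To disable caching explicitly (run elevated):
    #   Set-ItemProperty -Path $path -Name 'UseLogonCredential' -Value 0 -Type DWord
}

# Constructed sample inputs (not real host data) so the logic can be followed offline.
$samples = @(
    @{ Value = 1;     Os = '10.0.19045' },
    @{ Value = 0;     Os = '6.1.7601' },
    @{ Value = $null; Os = '6.1.7601' },
    @{ Value = $null; Os = '10.0.19045' }
)
foreach ($s in $samples) {
    $state = Resolve-WDigestState -UseLogonCredential $s.Value -OsVersion $s.Os
    '{0,-6} on {1,-11} -> {2}' -f "$($s.Value)", $s.Os, $state
}
```

Call Get-WDigestState on a Windows host to classify the live registry value. The third sample is the case the template's `-eq 1` comparison does not report.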