Forum Discussion

johng69's avatar
johng69
Copper Contributor
Jun 28, 2023

Password security

Hi,

 

I was wondering if Active Directory passwords are transmitted in clear text over the network to domain controllers when a user authenticates on a client that is a member of the local domain.

 

To be more specific, I have a test lab with the following clients:

  1. A Windows 10 client that is a member of the domain
  2. A Synology NAS device that has been joined to the local domain

In the case of item 2, I ran Wireshark on the local domain controller. I can see frames labelled with the "KRB5" protocol and searched for the (test) username.


I'm not able to find any evidence of the password being detected in clear plain text

Resources