Group policies preferences allowed admins to create policies using embedded credentials.
These credentials were encrypted and placed in a "cPassword"
The key was accidentally released by Microsoft
Patched in MS14-025 but doesn't prevent previous uses.
The key was stored in SYSVOL
Any Domain User can read the policy
https://www.rapid7.com/blog/post/2016/07/27/pentesting-in-the-real-world-group-policy-pwnage/arrow-up-right
Last updated 3 years ago
