How to find cleartext passwords #3038
-
|
How would I go about seeing if cleartext passwords are traversing my network? Is there a built-in module or a custom rule(s) for what traffic to look for the cleartext? Thanks |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 2 replies
-
|
Open the 'Hunt' interface and search for And yes, the default Suricata rules should flag such things. I've seen that on my network before and it alerted me to take actions to install Cert's on my systems that needed them. |
Beta Was this translation helpful? Give feedback.
-
|
Also, it's only gonna see anything if/when a cleartext password is entered. Do you have an insecured test interface that uses cleartext? Insecured FTP is notorious for that. |
Beta Was this translation helpful? Give feedback.
-
|
I was concerned about instances of telnet being used. A quick check revealed none so far. I will perform a test to verify. Thank you. |
Beta Was this translation helpful? Give feedback.
Open the 'Hunt' interface and search for
passwordorcleartextYou can do the same search in Kibana if you prefer that interface.
And yes, the default Suricata rules should flag such things. I've seen that on my network before and it alerted me to take actions to install Cert's on my systems that needed them.
https://doc.emergingthreats.net/bin/view/Main/WebSearch?search=cleartext&scope=all&web=Main