Each account with a cracked password gets a violation count:
Maximum count: 8 violations per account. Higher numbers mean greater security risks.
| Username | Length | Last Set | Violations |
|---|---|---|---|
| computer01$ | 0 | 2024-02-03 | Uses Blank/Empty Password |
| sccm$ | 0 | 2023-11-30 | Uses Blank/Empty Password |
| cal.em | 0 | 2024-10-25 | Uses Blank/Empty Password |
| christal.eugenia | 0 | 2024-10-25 | Uses Blank/Empty PasswordAS-REP Roastable Account with Weak Password |
| windows10$ | 0 | 2026-05-19 | Uses Blank/Empty Password |
| lab-sql01$ | 0 | 2026-05-20 | Uses Blank/Empty Password |
| marnia.chrissie | 6 | 2024-02-27 | AS-REP Roastable Account with Weak Password |
| perle.selie | 7 | 2024-02-27 | Password Cracked using Public Wordlist |
| jannelle.laird | 7 | 2024-02-27 | Password Cracked using Public Wordlist |
| jojo.katrina | 7 | 2024-02-27 | Password Cracked using Public Wordlist |
| korney.darelle | 7 | 2024-02-27 | Admin Account with Weak Password |
| maurine.cammie | 7 | 2024-02-27 | Password Cracked using Public Wordlist |
| sabine.myrtie | 7 | 2024-02-27 | Password Cracked using Public Wordlist |
| buffy.ruthanne | 7 | 2024-02-27 | Password Cracked using Public Wordlist |
| leigh.pennie | 8 | 2024-02-27 | AS-REP Roastable Account with Weak Password |
| joe.pathfinder | 9 | 2024-01-20 | Contains Variation of "Password" |
| debbie.kissie | 9 | 2024-02-27 | Contains Month Name (January, March, etc.) |
| demetra.myrtia | 9 | 2024-02-27 | Contains Variation of "Welcome" |
| lotti.renae | 9 | 2024-02-27 | Contains Variation of "Password" |
| cisco | 9 | 2024-10-24 | Password Similar to UsernameStatistically Likely Username |
| joe.smith | 9 | 2026-04-30 | Contains Variation of "Password"Statistically Likely Username |
| domainnameasuser | 10 | 2024-01-21 | Contains Company/Organization Name |
| aeriell.sandy | 10 | 2024-02-27 | Contains Variation of "Password" |
| annadiane.fae | 10 | 2024-02-27 | Contains Variation of "Welcome" |
| cherilynn.roselia | 10 | 2024-02-27 | Contains Variation of "Welcome" |
| test.users | 10 | 2024-08-24 | Password Cracked using Public Wordlist |
| boardroom | 10 | 2024-10-25 | Password Similar to UsernameStatistically Likely Username |
| victoria.rep | 10 | 2023-12-01 | Contains Variation of "Password"AS-REP Roastable Account with Weak Password |
| computer01 | 10 | 2025-03-15 | Password Similar to Username |
| adcs | 10 | 2025-03-15 | Contains Company/Organization Name |
| unconstrained | 11 | 2024-02-03 | Contains Variation of "Password" |
| sqlserver10$ | 11 | 2024-02-27 | Password Cracked using Public Wordlist |
| testda | 11 | 2024-03-07 | Contains Variation of "Password"Admin Account with Weak PasswordStatistically Likely Username |
| jb | 11 | 2026-03-24 | Admin Account with Weak PasswordAS-REP Roastable Account with Weak PasswordStatistically Likely Username |
| da | 11 | 2026-03-24 | LM Hash Authentication EnabledAdmin Account with Weak PasswordKerberoastable Account with Weak PasswordStatistically Likely Username |
| administrator | 11 | 2026-03-24 | Admin Account with Weak PasswordStatistically Likely Username |
| sqlsvc | 12 | 2023-12-01 | Contains Variation of "Password"Kerberoastable Account with Weak Password |
| annette.leon | 12 | Never | Password Cracked using Public Wordlist |
| robina.kippar | 12 | Never | Password Cracked using Public Wordlist |
| anica.paulina | 12 | 2024-02-27 | Contains Variation of "Password" |
| christa.jacquenetta | 13 | 2024-02-27 | Contains Month Name (January, March, etc.) |
Security Risk: The presence of statistically likely usernames in your organization, especially those with weak passwords, poses a significant security risk. Attackers often use databases of common usernames to enumerate valid accounts through Kerberos pre-authentication. Once valid usernames are identified, they can be targeted with password spraying attacks, potentially leading to unauthorized access.
The following enabled usernames were found in the statistically likely usernames list and have a weak password:
Security Risk: Kerberoastable accounts are those with Service Principal Names (SPNs) set. These accounts are vulnerable to offline password cracking attacks, which could lead to privilege escalation if the account has significant permissions.
The following enabled accounts are Kerberoastable and have a weak password:
Security Risk: AS-REP Roastable accounts have the "Do not require Kerberos preauthentication" option enabled. This configuration allows attackers to request authentication data for these accounts without prior authentication, making them vulnerable to offline password cracking attacks.
The following enabled accounts are AS-REP Roastable and have a weak password:
Security Risk: The KRBTGT account is used to encrypt Kerberos tickets. If its password is not changed regularly, it can be used to create golden tickets, potentially allowing persistent, undetected access to the domain.
Warning: The krbtgt account password is over 6 months old. It was last changed on 11/29/2023.