Logo

Password Analysis Report for TRAINING.LOCAL

Password Audit Results

Account Statistics

Cracked Admin Accounts (Group Membership): 5

Users with passwords containing 'blank password': 6

Users with passwords containing 'password': 9

Users with passwords containing 'welcome': 3

Users with passwords containing 'month of year': 2

Users with passwords containing 'company name': 2

Cracked Computer Accounts: 5

Users with passwords containing 'username similarity': 3

Users Configured with LM Hash: 1

Users with Cracked Passwords: 41

Accounts with Shared Passwords

Domain Policy Settings

Max Password Age: 63 days
Min Password Age: 1 day
Min Password Length: 0
Password History: 24
Lockout Threshold: 0
Lockout Duration: 5 minutes
Machine Account Quota: 10

Policy Compliance Metrics

41
Total Cracked
25
Predictable Patterns
5
Admin Accounts

How Violation Counts Work

Each account with a cracked password gets a violation count:

Maximum count: 8 violations per account. Higher numbers mean greater security risks.

Policy Violations by User

Username Length Last Set Violations
computer01$ 0 2024-02-03 Uses Blank/Empty Password
sccm$ 0 2023-11-30 Uses Blank/Empty Password
cal.em 0 2024-10-25 Uses Blank/Empty Password
christal.eugenia 0 2024-10-25 Uses Blank/Empty PasswordAS-REP Roastable Account with Weak Password
windows10$ 0 2026-05-19 Uses Blank/Empty Password
lab-sql01$ 0 2026-05-20 Uses Blank/Empty Password
marnia.chrissie 6 2024-02-27 AS-REP Roastable Account with Weak Password
perle.selie 7 2024-02-27 Password Cracked using Public Wordlist
jannelle.laird 7 2024-02-27 Password Cracked using Public Wordlist
jojo.katrina 7 2024-02-27 Password Cracked using Public Wordlist
korney.darelle 7 2024-02-27 Admin Account with Weak Password
maurine.cammie 7 2024-02-27 Password Cracked using Public Wordlist
sabine.myrtie 7 2024-02-27 Password Cracked using Public Wordlist
buffy.ruthanne 7 2024-02-27 Password Cracked using Public Wordlist
leigh.pennie 8 2024-02-27 AS-REP Roastable Account with Weak Password
joe.pathfinder 9 2024-01-20 Contains Variation of "Password"
debbie.kissie 9 2024-02-27 Contains Month Name (January, March, etc.)
demetra.myrtia 9 2024-02-27 Contains Variation of "Welcome"
lotti.renae 9 2024-02-27 Contains Variation of "Password"
cisco 9 2024-10-24 Password Similar to UsernameStatistically Likely Username
joe.smith 9 2026-04-30 Contains Variation of "Password"Statistically Likely Username
domainnameasuser 10 2024-01-21 Contains Company/Organization Name
aeriell.sandy 10 2024-02-27 Contains Variation of "Password"
annadiane.fae 10 2024-02-27 Contains Variation of "Welcome"
cherilynn.roselia 10 2024-02-27 Contains Variation of "Welcome"
test.users 10 2024-08-24 Password Cracked using Public Wordlist
boardroom 10 2024-10-25 Password Similar to UsernameStatistically Likely Username
victoria.rep 10 2023-12-01 Contains Variation of "Password"AS-REP Roastable Account with Weak Password
computer01 10 2025-03-15 Password Similar to Username
adcs 10 2025-03-15 Contains Company/Organization Name
unconstrained 11 2024-02-03 Contains Variation of "Password"
sqlserver10$ 11 2024-02-27 Password Cracked using Public Wordlist
testda 11 2024-03-07 Contains Variation of "Password"Admin Account with Weak PasswordStatistically Likely Username
jb 11 2026-03-24 Admin Account with Weak PasswordAS-REP Roastable Account with Weak PasswordStatistically Likely Username
da 11 2026-03-24 LM Hash Authentication EnabledAdmin Account with Weak PasswordKerberoastable Account with Weak PasswordStatistically Likely Username
administrator 11 2026-03-24 Admin Account with Weak PasswordStatistically Likely Username
sqlsvc 12 2023-12-01 Contains Variation of "Password"Kerberoastable Account with Weak Password
annette.leon 12 Never Password Cracked using Public Wordlist
robina.kippar 12 Never Password Cracked using Public Wordlist
anica.paulina 12 2024-02-27 Contains Variation of "Password"
christa.jacquenetta 13 2024-02-27 Contains Month Name (January, March, etc.)

Password Statistics

Password Length Distribution

Below minimum length (< 0 characters)
Meets requirement (≥ 0 characters)

User Account Analysis

Statistically Likely Usernames

Security Risk: The presence of statistically likely usernames in your organization, especially those with weak passwords, poses a significant security risk. Attackers often use databases of common usernames to enumerate valid accounts through Kerberos pre-authentication. Once valid usernames are identified, they can be targeted with password spraying attacks, potentially leading to unauthorized access.

The following enabled usernames were found in the statistically likely usernames list and have a weak password:

Kerberoastable Accounts

Security Risk: Kerberoastable accounts are those with Service Principal Names (SPNs) set. These accounts are vulnerable to offline password cracking attacks, which could lead to privilege escalation if the account has significant permissions.

The following enabled accounts are Kerberoastable and have a weak password:

AS-REP Roastable Accounts

Security Risk: AS-REP Roastable accounts have the "Do not require Kerberos preauthentication" option enabled. This configuration allows attackers to request authentication data for these accounts without prior authentication, making them vulnerable to offline password cracking attacks.

The following enabled accounts are AS-REP Roastable and have a weak password:

KRBTGT Account Password Age

Security Risk: The KRBTGT account is used to encrypt Kerberos tickets. If its password is not changed regularly, it can be used to create golden tickets, potentially allowing persistent, undetected access to the domain.

Warning: The krbtgt account password is over 6 months old. It was last changed on 11/29/2023.