id: reversible-encryption-passwords-enabled

info:
  name: Store Passwords Using Reversible Encryption Enabled
  author: princechaddha
  severity: critical
  description: Checks if the system is set to store passwords using reversible encryption, which is equivalent to plaintext storage.
  impact: |
    Storing passwords using reversible encryption significantly weakens password security and is comparable to plaintext storage.
  remediation: |
    Disable the option to store passwords using reversible encryption to protect credentials.
  tags: windows,code,windows-audit

self-contained: true

code:
  - pre-condition: |
      IsWindows();
    engine:
      - powershell
      - powershell.exe
    args:
      - -ExecutionPolicy
      - Bypass
    pattern: "*.ps1"
    source: |
      Get-Module -ListAvailable -Name ActiveDirectory | % { Get-ADDefaultDomainPasswordPolicy | Select-Object -ExpandProperty ReversibleEncryptionEnabled }

    matchers:
      - type: word
        words:
          - "True"
# digest: 4a0a00473045022100ffbb4bbe9ae131967e095f860769bc4ee502b0e77336b1fa883b09ffdfe142130220792af56fd4628b4b3f37c1a9141d56ec5d996262f5f7d64d18dd3b159a7971ab:922c64590222798bb761d5b6d8e72950