Test-PasswordQuality Add SamAccountName as Password test

2023-08-07 20:59:43 +02:00 · 2023-08-07 20:59:43 +02:00 · 9a94fb848a
parent a273b1371e
commit 9a94fb848a
3 changed files with 38 additions and 1 deletions
--- a/Src/DSInternals.PowerShell/Commands/Misc/TestPasswordQualityCommand.cs
+++ b/Src/DSInternals.PowerShell/Commands/Misc/TestPasswordQualityCommand.cs
@ -234,7 +234,11 @@
                // Skip the remaining tests, because they only make sense for non-empty passwords.
                return;
            }
-
+            if (this.Account.SamAccountType == SamAccountType.User)
+            {
+                // Check if the user has the SamAccountName as password.
+                this.TestSamAccountNameAsPassword();
+            }
            if (this.Account.SamAccountType == SamAccountType.Computer)
            {
                // Check if the computer has a default password.
@ -466,6 +470,28 @@
            accountList.Add(this.Account.LogonName);
        }

+        private void TestSamAccountNameAsPassword()
+        {
+            string userLowerPassword = this.Account.SamAccountName.ToLower();
+            string userExactPassword = this.Account.SamAccountName;
+            byte[] userLowerHash = NTHash.ComputeHash(userLowerPassword);
+            byte[] userExactHash = NTHash.ComputeHash(userExactPassword);
+            if (HashEqualityComparer.GetInstance().Equals(this.Account.NTHash, userLowerHash))
+            {
+                // Username Password is lowercase SamAccountName
+
+                this.result.SamAccountNameAsPassword.Add(this.Account.LogonName);
+            }
+            else
+            {
+                if (HashEqualityComparer.GetInstance().Equals(this.Account.NTHash, userExactHash))
+                {
+                    // Username Password is exact SamAccountName
+                    this.result.SamAccountNameAsPassword.Add(this.Account.LogonName);
+                }
+            }
+        }
+
        private void TestComputerDefaultPassword()
        {
            string defaultPassword = this.Account.SamAccountName.TrimEnd('$').ToLower();
--- a/Src/DSInternals.PowerShell/Types/PasswordQualityTestResult.cs
+++ b/Src/DSInternals.PowerShell/Types/PasswordQualityTestResult.cs
@ -27,6 +27,11 @@
        /// </summary>
        public ISet<string> WeakPassword = new SortedSet<string>();

+        /// <summary>
+        /// List of user accounts with SamAccountName as passwords.
+        /// </summary>
+        public ISet<string> SamAccountNameAsPassword = new SortedSet<string>();
+
        /// <summary>
        /// List of computer accounts with default passwords.
        /// </summary>
--- a/Src/DSInternals.PowerShell/Views/DSInternals.PasswordQualityTestResult.format.ps1xml
+++ b/Src/DSInternals.PowerShell/Views/DSInternals.PasswordQualityTestResult.format.ps1xml
@ -89,6 +89,12 @@
                <PropertyName>DuplicatePasswordGroups</PropertyName>
                <CustomControlName>AccountGroupList</CustomControlName>
              </ExpressionBinding>
+              <Text>These user accounts have the SamAccountName as password:</Text>
+              <NewLine />
+              <ExpressionBinding>
+                <PropertyName>SamAccountNameAsPassword</PropertyName>
+                <CustomControlName>AccountList</CustomControlName>
+              </ExpressionBinding>
              <Text>These computer accounts have default passwords:</Text>
              <NewLine />
              <ExpressionBinding>