| Component impacted||Cygni|
| Version impacted||2.7.2|
| Solution offered||None|
| Resources||This article|
About the "Reversible passwords" IoE:
Active Directory supports legacy applications that needed passwords in clear-text form to function. Storing passwords in reversible form is deprecated by Microsoft, as any user of the domain is able to decrypt them. Accounts with such property should be examined and if possible the Store password using reversible encryption policy setting should be removed.
Reversible passwords can be defined using the UAC settings and also by the PSO with the attribute "msDS-PasswordReversibleEncryptionEnabled". Unfortunately, the second option is not detected by Alsid for AD. Information:
It will be solved in an upcoming version of Alsid for AD.