'PassFilt.dll' always pass some passwords

Mahdi posted this 06 May 2019

Hello,

Been playing around with 'Passfiltex.dll' which can be downloaded from this link provided by Ryan Ries. Noticed that some passwords always get passed instead of getting filtered. Like this one: Pa55w.rd or P@55w.rd.

Have you tried this DLL before and experienced something similar?

For second question, what are your thoughts of using downloadable 'Troy Hunt' password DB which size is almost 11 GB now? It's kind of unacceptable to have an 11GB file in system32 and check all the passwords with that file (Performance?), but what do you think? Also, the file contains the hash instead of the clear passwords. So not sure if we can feed the DLL with that file or not.

Any experience?
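
On the hash and performance question in the post above, an added example (not from the thread and not PassFiltEx code): a hash-only list can still be checked by hashing the candidate password and binary-searching the file, which takes a few dozen seeks even at 11 GB. It assumes the download is the SHA-1 "ordered by hash" variant with one `HASH:COUNT` entry per line; the function names, the sample file and the counts are constructed for the demonstration.

```python
import hashlib
import os
import tempfile


def sha1_hex(password: str) -> bytes:
    """Uppercase hex SHA-1 of the UTF-8 password, as bytes for file comparison."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper().encode("ascii")


def breach_count(path: str, password: str) -> int:
    """Binary-search a hash-sorted 'SHA1HEX:COUNT' file; return COUNT or 0."""
    target = sha1_hex(password)
    with open(path, "rb") as f:
        lo, hi = 0, os.path.getsize(path)  # candidate line starts lie in [lo, hi)
        while lo < hi:
            mid = (lo + hi) // 2
            # Move to the first line that starts at or after mid.
            f.seek(max(mid - 1, 0))
            if mid:
                f.readline()
            start = f.tell()
            line = f.readline()
            if not line or start >= hi or line[:40] > target:
                hi = mid            # target, if present, starts before mid
            elif line[:40] < target:
                lo = f.tell()       # target, if present, starts after this line
            else:
                return int(line[41:].strip())
    return 0


def write_sample(path: str, entries: dict) -> None:
    """Write constructed entries in the assumed format, sorted by hash."""
    lines = sorted(sha1_hex(p) + b":" + str(n).encode() for p, n in entries.items())
    with open(path, "wb") as f:
        f.write(b"\r\n".join(lines) + b"\r\n")


if __name__ == "__main__":
    # Constructed sample data; the counts are made up for the demonstration.
    sample = {"Pa55w.rd": 1200, "P@55w.rd": 345, "Password1": 99999, "letmein": 5}
    path = os.path.join(tempfile.mkdtemp(), "pwned-sample.txt")
    write_sample(path, sample)
    for candidate in ("Pa55w.rd", "P@55w.rd", "correct horse battery staple"):
        n = breach_count(path, candidate)
        print(candidate, "-> reject" if n else "-> not listed", n)
```

A real password filter runs as native code inside LSASS on each domain controller, so this shows only the lookup logic, not a drop-in filter.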

daemonr00t posted this 06 May 2019

Hi,

Time travel has always been a mystery for humanity but I won't recommend that in technology. At least not backwards :)

FGPP are your solution.

I remember just a few folks who deployed a custom password filter and it was a PITA.

Mahdi posted this 07 May 2019

Thanks Danny,

The problem with FGPP is that it cannot prevent people from choosing dumb (but according to policy) passwords. Can you tell me about the guys you mentioned and what were their hard times during the time they had PassFilt? Are they still using it or did they just give up? I am also thinking about the third party PassFilt but again I should test that.

daemonr00t posted this 07 May 2019

As far as I remember that is long time deprecated, so Microsoft won't offer support for it.

Anyone out there that can confirm that?

Now bear in mind that we are talking about maintaining a local DLL on all your controllers; depending on the size of your environment this could become a pain if you don't have a tight control in place.

~dannyCS

Biju_Babu posted this 07 May 2019

Azure AD Password protection has a similar feature where it filters known bad passwords and can be installed in on-premise domain controllers.

https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Azure-AD-Password-Protection-is-now-generally-available/ba-p/377487

Regards

Biju

dloder posted this 07 May 2019

Azure AD Password Protection is the modern implementation to keep people from choosing poor passwords.
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-password-ban-bad-on-premises
-- dloder.blogspot.com --

kurtbuff posted this 07 May 2019

No experience with this, but have you seen this?
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-password-ban-bad-on-premises-faq

Kurt
