Description

Leverage searches that detect cleartext network protocols that may leak credentials or should otherwise be encrypted.

  • Product: Splunk Enterprise, Splunk Enterprise Security, Splunk Cloud
  • Datamodel: Network_Traffic
  • Last Updated: 2017-09-15
  • Author: Bhavin Patel, Splunk
  • ID: 826e6431-aeef-41b4-9fc0-6d0985d65a21

Narrative

Various legacy protocols operate in the clear by default, without the protection of encryption, so anyone able to passively sniff network traffic can read whatever they carry. Depending on the protocol, that information can be highly sensitive or can allow session hijacking. In addition, these protocols send authentication information, which allows the harvesting of usernames and passwords that could then be reused to authenticate to, and compromise, secondary systems.

Detections

Name                                          | Technique | Type
Protocols passing authentication in cleartext |           | TTP
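As an added illustration (not the story's own search and not Splunk's code), the rule behind the detection above is expressed here in Python over a few constructed events shaped like the CIM Network_Traffic datamodel; in Splunk the same rule would be a tstats search over datamodel=Network_Traffic grouped by src, dest, dest_port and user. The port list and the anonymous-FTP exclusion are assumptions.

```python
"""Added example: the logic of a "protocols passing authentication in cleartext"
check, run over constructed events with Network_Traffic (All_Traffic) field names."""
from collections import defaultdict

# Assumed destination ports whose default protocols send credentials in the clear.
CLEARTEXT_AUTH_PORTS = {21: "ftp", 23: "telnet", 110: "pop3", 143: "imap"}

# Constructed sample events (not real data), CIM Network_Traffic field names.
SAMPLE_EVENTS = [
    {"_time": 1505433600, "action": "allowed", "transport": "tcp", "src": "10.0.0.5",
     "dest": "10.0.1.20", "dest_port": 23, "user": "jsmith"},
    {"_time": 1505433660, "action": "allowed", "transport": "tcp", "src": "10.0.0.5",
     "dest": "10.0.1.20", "dest_port": 23, "user": "jsmith"},
    {"_time": 1505433700, "action": "blocked", "transport": "tcp", "src": "10.0.0.9",
     "dest": "10.0.1.21", "dest_port": 110, "user": "amara"},
    {"_time": 1505433800, "action": "allowed", "transport": "tcp", "src": "10.0.0.7",
     "dest": "203.0.113.8", "dest_port": 21, "user": "anonymous"},
    {"_time": 1505433900, "action": "allowed", "transport": "tcp", "src": "10.0.0.7",
     "dest": "203.0.113.8", "dest_port": 21, "user": "backup"},
    {"_time": 1505434000, "action": "allowed", "transport": "tcp", "src": "10.0.0.8",
     "dest": "10.0.1.30", "dest_port": 443, "user": "nia"},
]


def is_cleartext_auth(event):
    """True when a permitted TCP connection targets a cleartext-authentication port.
    Anonymous FTP is excluded because no real credential is sent (assumed tuning)."""
    if event.get("action") == "blocked" or event.get("transport") != "tcp":
        return False
    port = int(event.get("dest_port", 0))
    if port not in CLEARTEXT_AUTH_PORTS:
        return False
    return not (port == 21 and event.get("user") == "anonymous")


def summarize(events):
    """Group matches by (src, dest, dest_port, user) with count, firstTime, lastTime
    and protocol name, mirroring what a tstats ... by summary would return."""
    groups = defaultdict(lambda: {"count": 0, "firstTime": None, "lastTime": None})
    for ev in events:
        if not is_cleartext_auth(ev):
            continue
        key = (ev["src"], ev["dest"], int(ev["dest_port"]), ev.get("user", "unknown"))
        g = groups[key]
        g["count"] += 1
        t = ev["_time"]
        g["firstTime"] = t if g["firstTime"] is None else min(g["firstTime"], t)
        g["lastTime"] = t if g["lastTime"] is None else max(g["lastTime"], t)
        g["protocol"] = CLEARTEXT_AUTH_PORTS[key[2]]
    return dict(groups)


if __name__ == "__main__":
    for key, g in summarize(SAMPLE_EVENTS).items():
        print(key, g)
```

Blocked connections, anonymous FTP and the HTTPS flow are dropped; the two telnet events collapse into one row with count 2, which is the same shape the story's detection surfaces for triage.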

Reference

source | version: 1