GPP / cPassword Attacks
Overview
Group Policy Preferences (GPP) allowed administrators to create policies using embedded credentials. These credentials were encrypted and stored in a "cPassword" field. The encryption key was released by accident, so all of these passwords are decryptable.


Check with PowerUp.ps1

GPP Attack via Metasploit
Mitigation
Be up to date on patching
Delete old GPP xml files inside the SYSVOL
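
To find the files the second mitigation refers to, the following added example (not from the original page or from any tool it names) lists every XML file under SYSVOL that still carries a non-empty `cpassword` attribute. The function name `Find-GppCpassword`, the default UNC path built from `$env:USERDNSDOMAIN`, and the demo folder and sample XML are assumptions made for illustration; the `cpassword` value in the sample is a constructed placeholder.

```powershell
# Added example: report GPP XML files that still contain a non-empty cpassword
# attribute. The value itself is never printed or decrypted.
function Find-GppCpassword {
    [CmdletBinding()]
    param(
        # Assumption: the caller can read the domain's SYSVOL Policies folder.
        [string]$Path = "\\$env:USERDNSDOMAIN\SYSVOL\$env:USERDNSDOMAIN\Policies"
    )
    Get-ChildItem -LiteralPath $Path -Recurse -Filter *.xml -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            try {
                $xml = [xml](Get-Content -LiteralPath $file.FullName -Raw -ErrorAction Stop)
            } catch {
                Write-Warning "Skipping unparsable file: $($file.FullName)"
                return   # inside ForEach-Object this moves on to the next file
            }
            # Match on the attribute, not the file name, so every preference type is covered.
            foreach ($node in $xml.SelectNodes("//*[@cpassword != '']")) {
                $parent = $node.ParentNode -as [System.Xml.XmlElement]
                [pscustomobject]@{
                    File      = $file.FullName
                    Element   = if ($parent) { $parent.LocalName } else { $node.LocalName }
                    Changed   = if ($parent) { $parent.GetAttribute('changed') }
                    LastWrite = $file.LastWriteTimeUtc
                }
            }
        }
}

# Constructed sample so the function can be tried offline (placeholder cpassword value).
$root = Join-Path ([IO.Path]::GetTempPath()) 'gpp-demo'
$demo = Join-Path $root 'Machine\Preferences\Groups'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
@'
<Groups>
  <User name="svc-demo" changed="2013-01-01 00:00:00">
    <Properties action="U" userName="svc-demo" cpassword="CONSTRUCTED-PLACEHOLDER"/>
  </User>
</Groups>
'@ | Set-Content -LiteralPath (Join-Path $demo 'Groups.xml') -Encoding UTF8

Find-GppCpassword -Path $root | Format-List
```

Run without `-Path` on a domain-joined host to audit the live SYSVOL; each row returned is a file to review against the mitigation above.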