H3-2025-0067¶

LAPS Password Exposure

Description¶

A regular domain account was found to have access in Active Directory to the Local Administrator Password Solution (LAPS) passwords of managed hosts.

Impact¶

An attacker can use the exposed LAPS passwords to access managed hosts as a local administrator. This could enable an attacker to move laterally or escalate privileges in the environment.

References¶

• Overview of Windows LAPS PowerShell Cmdlets
• Local Administrator Password Solution (LAPS)
• Microsoft LAPS Security & Active Directory LAPS Configuration Recon
• Configure policy settings for Windows LAPS
• MITRE ATT&CK Technique: T1552: Unsecured Credentials