
Are passwords stored in the SAM database encrypted or plaintext


Article ID: 109854


Updated On:

Products

CA Virtual Privilege Manager CA Privileged Identity Management Endpoint (PIM)

Issue/Introduction



Are passwords stored in the SAM (formerly PUPM) database encrypted or plaintext?

This is the same database that is used for the ENTM (Enterprise Management).

Environment

Release:
Component: SEOSPP

Resolution

The passwords are encrypted using AES-256 with a unique seed key defined when the database is first created. The seed itself is stored encrypted in a proprietary file (fipskey.dat) and cannot be modified once the database has been created.

If you want to verify the method, you can execute the following against the ENTM database:

SELECT NEW_PASSWORD, OLD_PASSWORD from ACCOUNT_PASSWORD; 
SELECT PASSWORD FROM ACCOUNT_PASSWORD_HISTORY;


A sample result looks like this; the encryption method is recorded as a prefix ({AES}:) in the password field, followed by the base64-encoded ciphertext.

1 1 Account name: "rotateme" on "xxxx.broadcom.net" Accounts ("Access Control for PUPM") Access Control for PUPM xxxxxx.broadcom.net Accounts rotateme exxxx {AES}:/A54kLAy+aBzViLM87lpgQ== {AES}:5vPerP6xVtY2DJGITuCsvw==
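As an added example (not part of this article or the product), the following Python script runs the same two queries against a constructed in-memory SQLite stand-in for the ENTM tables and classifies each stored value by whether it carries the {AES}: tag and decodes to whole 16-byte AES blocks, so that any row left in plaintext is flagged. The column layout, the svc_backup row and the malformed history row are assumptions; the two rotateme values are the ones shown above.

```python
import base64
import re
import sqlite3

# Stored values as the article shows them: an "{AES}:" method tag followed by base64 ciphertext.
AES_TAG = re.compile(r"^\{AES\}:(?P<b64>[A-Za-z0-9+/]+={0,2})$")


def classify(value):
    """Return "aes" for a well-formed {AES}:<base64> value whose ciphertext is a whole
    number of 16-byte AES blocks, "malformed" for a tagged value that does not decode
    cleanly, "empty" for NULL, and "plaintext" for anything untagged."""
    if value is None:
        return "empty"
    m = AES_TAG.match(value)
    if not m:
        return "plaintext"
    try:
        raw = base64.b64decode(m.group("b64"), validate=True)
    except ValueError:  # binascii.Error is a ValueError
        return "malformed"
    return "aes" if raw and len(raw) % 16 == 0 else "malformed"


def audit(conn):
    """Run the article's two queries and classify every value per column."""
    rows = conn.execute("SELECT NEW_PASSWORD, OLD_PASSWORD FROM ACCOUNT_PASSWORD").fetchall()
    hist = conn.execute("SELECT PASSWORD FROM ACCOUNT_PASSWORD_HISTORY").fetchall()
    return {
        "NEW_PASSWORD": [classify(r[0]) for r in rows],
        "OLD_PASSWORD": [classify(r[1]) for r in rows],
        "HISTORY.PASSWORD": [classify(r[0]) for r in hist],
    }


def build_sample_db():
    """Constructed stand-in for the ENTM tables (assumed layout, not the real schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE ACCOUNT_PASSWORD (ACCOUNT_NAME TEXT, NEW_PASSWORD TEXT, OLD_PASSWORD TEXT)")
    conn.execute("CREATE TABLE ACCOUNT_PASSWORD_HISTORY (ACCOUNT_NAME TEXT, PASSWORD TEXT)")
    conn.executemany("INSERT INTO ACCOUNT_PASSWORD VALUES (?, ?, ?)", [
        ("rotateme", "{AES}:/A54kLAy+aBzViLM87lpgQ==", "{AES}:5vPerP6xVtY2DJGITuCsvw=="),  # from the article
        ("svc_backup", "Winter2024!", None),  # constructed: an untagged value the audit must flag
    ])
    conn.executemany("INSERT INTO ACCOUNT_PASSWORD_HISTORY VALUES (?, ?)", [
        ("rotateme", "{AES}:5vPerP6xVtY2DJGITuCsvw=="),
        ("rotateme", "{AES}:YWJj"),  # constructed: decodes to 3 bytes, not a whole AES block
    ])
    conn.commit()
    return conn


if __name__ == "__main__":
    for column, kinds in audit(build_sample_db()).items():
        print(f"{column}: {kinds}")
```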