AD and Local Authentication issue

Hello,
 
I have a SDP 8016 deployment that imports users from 2 AD forests and also allows for user self-registration by sending an email. Those users obviously use SDP Local Authentication.
 
We have realized that users in the AD are able to login with their AD credentials but also with the Local Authentication credentials.
 
This seems to be a big security issue, as technicians have a dual login, and the Local Authentication one has a trivial password (username=password).
 
To reproduce the issue:
 
- Configure AD and Local Authentication.
- Import users from AD.
- Log in to the system using the AD user and password, choosing the right domain in the "Log on to" dropdown.
- Log out.
- Log in to the system using the AD username as both username and password, choosing Local Authentication in the "Log on to" dropdown.
 
You will be able to log in, which is wrong.
 
A possible fix is that the AD import module sets a random secure password for imported users, instead of setting one that matches the username. Then, whether or not the system is using AD-integrated authentication, the login would be somewhat secure.
 
Another possible fix is to verify at login time whether the user has an AD username, but that sounds more difficult to implement to me.
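As an added example (not part of the original post and not ManageEngine's code), the script below shows the two operations the proposed fix needs: an audit that finds local accounts whose password is their own username, and a rotation that replaces those passwords with a cryptographically random one for AD-sourced accounts only. The account store, the PBKDF2 hashing and the sample users are constructed for illustration; a real deployment would run the same checks against the product's own user store or through its supported administration interface.

```python
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass, field

# Hypothetical local-account record; the field layout is an assumption, not SDP's schema.
@dataclass
class LocalAccount:
    username: str
    source: str                 # "AD" (imported) or "self" (self-registered via email)
    salt: bytes = field(repr=False)
    pw_hash: bytes = field(repr=False)

PBKDF2_ITERATIONS = 100_000

def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256; chosen here as a stand-in for whatever the product stores."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)

def make_account(username: str, password: str, source: str) -> LocalAccount:
    salt = os.urandom(16)
    return LocalAccount(username, source, salt, hash_password(password, salt))

def verify_password(account: LocalAccount, candidate: str) -> bool:
    # Constant-time comparison so the audit itself does not leak timing information.
    return hmac.compare_digest(hash_password(candidate, account.salt), account.pw_hash)

def has_trivial_password(account: LocalAccount) -> bool:
    """True when the password equals the username (any common case variant)."""
    guesses = {account.username, account.username.lower(), account.username.upper()}
    return any(verify_password(account, g) for g in guesses)

def random_local_password(nbytes: int = 32) -> str:
    """~256 bits from the OS CSPRNG; nobody needs to know it, since AD users log in via AD."""
    return secrets.token_urlsafe(nbytes)

def audit(accounts: list[LocalAccount]) -> dict[str, bool]:
    """Map username -> whether the local password is trivial, for every account."""
    return {a.username: has_trivial_password(a) for a in accounts}

def rotate_trivial_ad_passwords(accounts: list[LocalAccount]) -> list[str]:
    """Replace username==password on AD-imported accounts with a random secret.
    Self-registered users chose their own password, so they are reported but left alone."""
    rotated = []
    for a in accounts:
        if a.source == "AD" and has_trivial_password(a):
            a.salt = os.urandom(16)                      # fresh salt with the new secret
            a.pw_hash = hash_password(random_local_password(), a.salt)
            rotated.append(a.username)
    return rotated

def sample_accounts() -> list[LocalAccount]:
    """Constructed sample data mirroring the reported condition."""
    return [
        make_account("jdoe", "jdoe", "AD"),        # imported, trivial
        make_account("asmith", "ASMITH", "AD"),    # imported, trivial (case variant)
        make_account("bwong", "correct horse battery staple", "AD"),
        make_account("guest1", "guest1", "self"),  # self-registered, trivial but user-chosen
    ]

if __name__ == "__main__":
    accts = sample_accounts()
    print("before:", audit(accts))
    print("rotated:", rotate_trivial_ad_passwords(accts))
    print("after:", audit(accts))
```

Running it prints the audit before and after rotation; after the run, the AD-sourced accounts no longer accept their username as the password, while the self-registered one is still flagged for follow-up rather than silently changed.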