Credential or password mismanagement in Active Directory (AD) domains pose significant security risks. Adversaries use leaked credentials to perform credential stuffing attacks to gain unauthorized access to other accounts by exploiting reused passwords across multiple platforms. The Zscaler ITDR server agent detects compromised identities and weak passwords in both regular and privileged AD user accounts.

After you enable and configure password analysis in the server agent policy, the agent identifies compromised or weak passwords by checking hashes against leaked databases, common patterns, and custom dictionaries while also monitoring for password reuse or rotation. The analysis is done locally on the selected domain controller (DC) and does not leave the customer environment, ensuring security and compliance.

About the Password Analysis Dashboard

On the Password Analysis dashboard (ITDR > Dashboard > Password Analysis > Dashboard), you can do the following:

1. Filter password analysis data by AD domains.
2. View the total number of AD user accounts analyzed, including both regular and privileged AD user accounts.
3. View the total number and percentage of AD user accounts with weak or easily guessed passwords.
4. View the total number and percentage of AD user accounts whose passwords have been found in leaked password databases.
5. View password analysis for privileged accounts, such as the total number of AD user accounts discovered, passwords cracked, passwords leaked, and passwords found in leaked databases. The data is also represented as a Venn diagram.