Adaxes

Checking the Have I been Pwned DB

0 votes

We're a new customer coming from ManageEngine and looking to use the password self service portal of Adaxes, I searched the Q&A and Scripts but didn't see anything like this, but we're looking for a way to check the Have I Been Pwned DB/API when a user goes to reset their password. ManageEngine Self Service supports this and we do not want to lose this functionality.

Can Adaxes do this with any sort of script setup or functions?

by (290 points)

1 Answer

0 votes
by (289k points)

Hello,

Unfortunately, we are not aware how the functionality works in ManageEngine, but there is nothing like that in Adaxes Password self-service built-in functionality. If you know how exactly you need the whole thing to work, please, get back to us with all the possible details and we will see if there is a solution we can suggest.

0

More or less, it uses API calls to check the NTLM hash of an AD account to known hashes in the Have I Been Pwned database.

There are two API versions which can be found here:

https://haveibeenpwned.com/API/v2

https://haveibeenpwned.com/API/v3

In ManageEngine, when the user submits the password change request, it kicks off an API call to the Have I been Pwned database, and the API returns a response code, if the response code is 200, this confirms a match, a 404 response code means there was no match and the password is safe to use.

by (290 points)
0

Hello,

Thank you for the provided details. We passed them to the corresponding department for consideration.

As of now, you can use a business rule triggering Before self-resetting password and a PowerShell script. The script will make the corresponding API call and act according to the response. For example, the operation can be cancelled with the corresponding message. However, this will be done once the user passes all the verification steps and submits the request for password reset.

by (289k points)

Related questions

0 votes
1 answer
I would like to delete users that have been disabled for more then X number of days

I would like to delete users that have been disabled for more then X number of days. This would be a phase of our deprovisioning process. The user is first disabled and placed ... we are sure that we no longer need it, I would like to automaticially delete it.

asked Oct 13, 2022 by rmedeiros (380 points)
0 votes
0 answers
I have a member of our Service Desk who can't install the newest version of the client (2023.3).

We've uninstalled the previous version via the "add/Remove Programs" feature in Windows 10, but we still get an error saying that another version of the client is still installed and won't allow us to run the .MSI installer. How can we get around this?

asked Feb 15 by MShep (80 points)
0 votes
1 answer
I have using a CustomAttributeBoolean field as a check box. How can I have the checkbox selected (true) by default.

The checkbox is not selected (False) by default.

asked May 30, 2022 by john.harding (70 points)
0 votes
1 answer
How can i change the langage of the custom actions i have create in the left panel ?

for example i add a form "create user for France" in the left pane, how can i translate it automatically when the UI in in French ? thank you

asked Apr 29, 2021 by GG (70 points)
0 votes
1 answer
What affect does enabling remote logging and reducing local db log times have on access to logs?

Are the logs still accessable using the "logging" link in the administrator console? What about the web console? What is the recommended setting for local log ... function within ADAXES to cleanup remote logs after they are past our retention requirements?

asked Jul 12, 2023 by stevehalvorson (110 points)
3,548 questions
3,238 answers
8,232 comments
547,811 users