Adaxes

Checking the Have I been Pwned DB

0 votes

We're a new customer coming from ManageEngine and looking to use the password self service portal of Adaxes, I searched the Q&A and Scripts but didn't see anything like this, but we're looking for a way to check the Have I Been Pwned DB/API when a user goes to reset their password. ManageEngine Self Service supports this and we do not want to lose this functionality.

Can Adaxes do this with any sort of script setup or functions?

by (210 points)

1 Answer

0 votes
by (272k points)

Hello,

Unfortunately, we are not aware how the functionality works in ManageEngine, but there is nothing like that in Adaxes Password self-service built-in functionality. If you know how exactly you need the whole thing to work, please, get back to us with all the possible details and we will see if there is a solution we can suggest.

0

More or less, it uses API calls to check the NTLM hash of an AD account to known hashes in the Have I Been Pwned database.

There are two API versions which can be found here:

https://haveibeenpwned.com/API/v2

https://haveibeenpwned.com/API/v3

In ManageEngine, when the user submits the password change request, it kicks off an API call to the Have I been Pwned database, and the API returns a response code, if the response code is 200, this confirms a match, a 404 response code means there was no match and the password is safe to use.

by (210 points)
0

Hello,

Thank you for the provided details. We passed them to the corresponding department for consideration.

As of now, you can use a business rule triggering Before self-resetting password and a PowerShell script. The script will make the corresponding API call and act according to the response. For example, the operation can be cancelled with the corresponding message. However, this will be done once the user passes all the verification steps and submits the request for password reset.

by (272k points)

Related questions

0 votes
1 answer
I would like to delete users that have been disabled for more then X number of days

I would like to delete users that have been disabled for more then X number of days. This would be a phase of our deprovisioning process. The user is first disabled and placed ... we are sure that we no longer need it, I would like to automaticially delete it.

asked Oct 13, 2022 by rmedeiros (380 points)
0 votes
0 answers
I have a member of our Service Desk who can't install the newest version of the client (2023.3).

We've uninstalled the previous version via the "add/Remove Programs" feature in Windows 10, but we still get an error saying that another version of the client is still installed and won't allow us to run the .MSI installer. How can we get around this?

asked Feb 15 by MShep (80 points)
0 votes
1 answer
I have using a CustomAttributeBoolean field as a check box. How can I have the checkbox selected (true) by default.

The checkbox is not selected (False) by default.

asked May 30, 2022 by john.harding (70 points)
0 votes
1 answer
How can i change the langage of the custom actions i have create in the left panel ?

for example i add a form "create user for France" in the left pane, how can i translate it automatically when the UI in in French ? thank you

asked Apr 29, 2021 by GG (70 points)
0 votes
1 answer
Is it possible to have an email sent if a user has been removed from a certain OU?

A little bit of context: There are 3 departments that share 1 Active Directory. Now each department has its own OU. I would like to have an email sent when a user is ... if this is possible without Powershell? If not, is there a pre-existing script for this?

asked Oct 3, 2023 by Cas (150 points)
3,351 questions
3,052 answers
7,791 comments
545,090 users