Limited security risque

Last week i found out i couldnt login to ADNM anymore, apparently the password was no good anymore…
i knew several topics are about this very problem but mainly it meant reinstalling ADNM.

i dug some deeper and found an old thread about editing the the password in the database itself, but it was not confirmed to work.
Since i have a separate database server i opened the management tool for the DB and logged in with write rights
i opened the table and selected the top 200 rows (have only 3 (administrator, Guest, empty realname, sufficient to say last 2 are not visible in the ADNM GUI)) of the users table.

I saw the id, realname and the encrypted password (but not the username, i found out later)

for a moment there i got bummed… cant use encrypted passwords (too much hassle to try the different decoding algorithms)…
i initially didnt want to change the password because i didnt want to break the ADNM installation… .but then i thought
“What the heck… i cant login anyway, a reinstall will be imminent anyway… besides resistance is futile”
so i went to the password cell and deleted the encrypted text and put in plain text my own password i wanted to use…

i opened the ADNM console, put in the password and … im in as full administrator…

so this is basically a security risque, BUT only when the following conditions are met:

  1. You know the username and real name (as registered in ADNM for reference to the correct password cell) from the administrator (or a user with administrator rights) for ADNM (not AD or the local computer)
  2. You have write access to the ADNM database directly

im not sure if it is known but by this thread i would say its mentioned…