Can the password2 and password1 type fields be decrypted using scripts?

Suggy
Giga Sage

‎11-27-2024 08:46 AM - edited ‎11-27-2024 10:34 AM

One of my colleague challenged me that password2 and  password1 type fields in ServiceNow are not safe enough, it can be decrypted using scripts.

 

Is that really possible? Have you tried doing so? If yes, can you share the script to decrypt?

 

Thanks in advance

0 Helpfuls
  • 336 Views
1 REPLY 1

DrewW
Mega Sage
Mega Sage

‎11-27-2024 08:57 AM

Password2 fields use a reversable encryption so you can use a script to encrypt and decrypt the value.

Password1 fields use a hash and are not reversable.  You can use a script to set the value of the field.  This is true even with other user services like Active Directory.  So I don't know why you would be concerned that you can set the PW using a script and there for feel its less secure compared to something else.

0 Helpfuls