Hello,
I tried to see if this issue has already been brought up but did not find anything.
It has been brought to my attention, the following scenario:
A user browses a website, lets say "https://portal.office.com" where they have a password entry saved in their private password list. We also have a high number of shared passwords that have the same URL. When the user browses "https://portal.office.com" the auditing log shows that the user "retrieved password" for every password we have in the database using that URL.
I feel that this process should be revised (assuming it has not been yet as we have yet to update to the latest version). There shouldn't be an audit entry stating that the password was retrieved unless it was actually pulled and used.
Maybe pull a list of titles/usernames and audit that but not the actual password unless it is intended to be used by the end user. This fills up the auditing log and could cause for some confusion when a user is showing tons of password pulls when they did not intentionally do so.
Has anyone else run into this?
Thank you.