Hello,
Windows is throwing security events with ID 4625 with Logon type 8. After verifying with Wireshark that the network packets are encrypted through TLS, I began to wonder why is Windows saying it is seeing the password in Cleartext.
I can't seem to find anything related to how Horizon processes logins and password. From my understanding:
Client does not hash password -> TLS encrypts packets over network -> Server unencrypts TLS packets -> Server receives unhashed password -> ?
Any clarification would be great.