Hello,

Windows is throwing security events with ID 4625 with Logon type 8. After verifying with Wireshark that the network packets are encrypted through TLS, I began to wonder why is Windows saying it is seeing the password in Cleartext.

I can't seem to find anything related to how Horizon processes logins and password. From my understanding:

Client does not hash password -> TLS encrypts packets over network -> Server unencrypts TLS packets -> Server receives unhashed password -> ?

Any clarification would be great.