Instructions
1. Where are the management user passwords stored in the ECS system?
A: Passwords are stored in vnest
2. How are the passwords stored, plain text, encrypted, etc?
A: The passwords are hashed. Passwords are hashed by the process which inserts the record (not done by vnest). Passwords are salted + hashed with sha_512
3. Is there a way to compare current and previous passwords for a management user (eg by comparing hash etc)?
A: ECS does audit logging to track a password change but it does not log hashes for comparison. The internal process does maintains a history (of last N password hashes) which is used to compare the previous passwords to enforce the enabled password policy.