We learn passwords of 1C users
For a successful test, it is necessary that the terminal server already has at least one user who successfully logs in to the 1C infobase (in the mode of the configurator or enterprise).
Launch the task manager and click on the button “Display processes of all users”, then in the window that appears, click on the “Continue” button. After we select the menu item: “View” -> “Select Columns ...” and in the window that appears, put a daw in front of the item “Command Line” and click the “OK” button. We look through the process 1cv8.exe with our eyes and observe something like this:

It was a revelation for me that starting 1C without such command line parameters as login and password, the current process starts a new one with authorization command line parameters, and then it ends itself.
I will not focus on the fact that for many mortals the same password is used not only to access IB 1C and what consequences the fact of ownership of the password by the other party can lead to. I just want to note that all attempts by 1C itself to use AES, Triple DES encryption algorithms, the SSL protocol for accessing information security, storing user passwords in a database table in a special format are crossed out by the above authorization method.
UPD:
Moved to the blog "Information Security"