Microsoft Windows SMB Registry : Winlogon Cached Password Weakness
info Nessus 插件 ID 11457
User credentials are stored in memory.
The registry key 'HKLM\Software\Microsoft\WindowsNT\CurrentVersion\ Winlogon\CachedLogonsCount' is not 0. Using a value greater than 0 for the CachedLogonsCount key indicates that the remote Windows host locally caches the passwords of the users when they login, in order to continue to allow the users to login in the case of the failure of the primary domain controller (PDC). Cached logon credentials could be accessed by an attacker and subjected to brute force attacks.
Consult Microsoft documentation and best practices.