Microsoft Windows SMB Registry : Winlogon Cached Password Weakness

info Nessus 插件 ID 11457

语言:

简介

User credentials are stored in memory.

描述

The registry key 'HKLM\Software\Microsoft\WindowsNT\CurrentVersion\ Winlogon\CachedLogonsCount' is not 0. Using a value greater than 0 for the CachedLogonsCount key indicates that the remote Windows host locally caches the passwords of the users when they login, in order to continue to allow the users to login in the case of the failure of the primary domain controller (PDC).

Cached logon credentials could be accessed by an attacker and subjected to brute force attacks.

解决方案

Consult Microsoft documentation and best practices.

另见

http://www.nessus.org/u?184d3eab

http://www.nessus.org/u?fe16cea8

https://technet.microsoft.com/en-us/library/cc957390.aspx

插件详情

严重性: Info

ID: 11457

文件名: smb_reg_cachedlogons.nasl

版本: 1.17

类型: local

代理: windows

系列: Windows

发布时间: 2003/3/24

最近更新时间: 2018/6/5

依存关系: smb_login.nasl, netbios_name_get.nasl, smb_registry_access.nasl

风险信息

风险因素: Info

漏洞信息

必需的 KB 项: SMB/name, SMB/login, SMB/password, SMB/registry_access, SMB/transport