Detections
Analytics
3.073 - The system must be configured to prevent the storage of the LAN Manager hash of passwords.
Information
The LAN Manager hash uses a weak encryption algorithm. Account passwords can be retrieved from this hash using available tools. This setting controls whether or not a LAN Manager hash of the password is stored in the SAM the next time the password is changed.Solution
Configure the policy value for Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> 'Network security- Do not store LAN Manager hash value on next password change' to 'Enabled'.See Also
http://iasecontent.disa.mil/stigs/zip/Oct2016/U_Windows_Vista_V6R41_STIG.zip
Item Details
Audit Name: DISA Windows Vista STIG v6r41
Category: IDENTIFICATION AND AUTHENTICATION
References: 800-53|IA-5(1)(c), CAT|I, CCI|CCI-000196, Rule-ID|SV-29269r2_rule, STIG-ID|3.073, Vuln-ID|V-3379
Plugin: Windows
Control ID: 27a82e1d0732cb9cfb81821b455d73d37046826a2f2c41f0a9937f2ea7fc8d2c