Detections
Analytics
3.013 - Caching of logon credentials must be limited.
Information
The default Windows configuration caches the last logon credentials for users who log on interactively to a system. This feature is provided for system availability reasons, such as the user's machine being disconnected from the network or domain controllers being unavailable. Even though the credential cache is well-protected, if a system is attacked, an unauthorized individual may isolate the password to a domain user account using a password-cracking program and gain access to the domain.Solution
If the system is not a member of a domain, this is NA.Configure the policy value for Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> 'Interactive Logon- Number of previous logons to cache (in case Domain Controller is not available)' to '2' logons or less.
See Also
http://iasecontent.disa.mil/stigs/zip/Oct2016/U_Windows_Vista_V6R41_STIG.zip
Item Details
Audit Name: DISA Windows Vista STIG v6r41
Category: CONFIGURATION MANAGEMENT
References: 800-53|CM-6b., CAT|III, CCI|CCI-000366, Rule-ID|SV-28978r3_rule, STIG-ID|3.013, Vuln-ID|V-1090
Plugin: Windows
Control ID: 8616e74b079bbf088636dbfe0145fe0df97b7bf7ca33fbff09747838de20b5f2