Detections
Analytics
WN12-SO-000024 - Caching of logon credentials must be limited.
Information
The default Windows configuration caches the last logon credentials for users who log on interactively to a system. This feature is provided for system availability reasons, such as the user's machine being disconnected from the network or domain controllers being unavailable. Even though the credential cache is well-protected, if a system is attacked, an unauthorized individual may isolate the password to a domain user account using a password-cracking program and gain access to the domain.Solution
If the system is not a member of a domain, this is NA.Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> 'Interactive Logon: Number of previous logons to cache (in case Domain Controller is not available)' to '4' logons or less.
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Windows_2012_and_2012_R2_DC_V3R7_STIG.zip
Item Details
Category: CONFIGURATION MANAGEMENT
References: 800-53|CM-6b., CAT|III, CCI|CCI-000366, Rule-ID|SV-226290r794588_rule, STIG-ID|WN12-SO-000024, STIG-Legacy|SV-52846, STIG-Legacy|V-1090, Vuln-ID|V-226290
Plugin: Windows
Control ID: be54294c9a5f175a93594796fb8537f61c5c5968c9c13e15567ecf53d7ff6a82