Application of Weak Password Policies on Users

critical

Description

Weak password policies directly expose the organization to compromise by permitting easily guessable passwords, leaving critical assets vulnerable to common credential theft techniques such as brute-forcing or the use of default passwords.

Solution

Password policies for user accounts should enforce strong passwords with sufficient length and symbols, adapted to your requirements.
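
One way to review the policies that currently apply, as an added example that is not part of the original indicator page or the vendor's own check: the script reads the default domain policy and every fine-grained password policy with the ActiveDirectory module and flags weak settings. The thresholds and the helper name Test-PasswordPolicy are assumptions; adapt them to your requirements.

```powershell
# Added example (not from the original page). Requires the RSAT ActiveDirectory module
# and read access to the domain's password policy objects.
Import-Module ActiveDirectory

# Assumed thresholds: replace with the values your organization requires.
$MinLength    = 14   # shortest acceptable MinPasswordLength
$RequireLock  = $true # treat LockoutThreshold = 0 (no lockout) as a finding

# Hypothetical helper: evaluates one policy object and returns a summary row.
function Test-PasswordPolicy {
    param(
        [Parameter(Mandatory)] $Policy,
        [Parameter(Mandatory)] [string] $Label
    )
    $findings = @()
    if ($Policy.MinPasswordLength -lt $MinLength) {
        $findings += "MinPasswordLength=$($Policy.MinPasswordLength) (below $MinLength)"
    }
    if (-not $Policy.ComplexityEnabled) {
        $findings += 'ComplexityEnabled=False'
    }
    if ($Policy.ReversibleEncryptionEnabled) {
        $findings += 'ReversibleEncryptionEnabled=True'
    }
    if ($RequireLock -and $Policy.LockoutThreshold -eq 0) {
        $findings += 'LockoutThreshold=0 (lockout disabled)'
    }
    [pscustomobject]@{
        Policy   = $Label
        Weak     = ($findings.Count -gt 0)
        Findings = ($findings -join '; ')
    }
}

# The default domain policy applies to every user not covered by a fine-grained policy.
$results = @(Test-PasswordPolicy -Policy (Get-ADDefaultDomainPasswordPolicy) `
                                 -Label 'Default Domain Policy')

# Fine-grained policies (PSOs) override the default for the users and groups in AppliesTo;
# when several apply to one user, the lowest Precedence value wins.
foreach ($pso in Get-ADFineGrainedPasswordPolicy -Filter *) {
    $label = "PSO '$($pso.Name)' precedence=$($pso.Precedence) appliesTo=$($pso.AppliesTo.Count)"
    $results += Test-PasswordPolicy -Policy $pso -Label $label
}

$results | Sort-Object Weak -Descending | Format-Table -AutoSize -Wrap
```

To see which policy actually governs a specific account, Get-ADUserResultantPasswordPolicy returns the winning fine-grained policy for that user, or nothing when the default domain policy applies.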

See Also

AD DS: Fine-Grained Password Policies

Configure fine grained password policies for Active Directory Domain Services

Configuring Password Policies

Indicator Details

Name: Application of Weak Password Policies on Users

Codename: C-PASSWORD-POLICY

Severity: Critical

Type: Active Directory Indicator of Exposure

Family: Authentication and Credentials

MITRE ATT&CK Information: