User Account Using Old Password

medium

Description

To mitigate the risk of credential theft, it is advisable to regularly update the passwords of all active accounts in Active Directory. However, if users must change their passwords too frequently, they may choose predictable passwords or store them in unsafe locations, which itself increases the likelihood of credential theft.

Solution

Tenable recommends implementing a password renewal policy for accounts with sensitive access rights in the information system. Configure this policy to prevent users from changing their password too frequently, which could increase the likelihood of predictable password use.
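As an added example (not Tenable's own check), the following PowerShell audit lists enabled accounts whose password is older than a threshold, as an administrator might run it from a RSAT-equipped host; the 365-day threshold and the use of AdminCount to prioritise sensitive accounts are assumptions.

```powershell
# Added example; assumes the RSAT ActiveDirectory module and read access to the domain.
Import-Module ActiveDirectory

function Get-StalePasswordAccount {
    param(
        # Assumed threshold: adjust to the organisation's renewal policy.
        [int]$MaxPasswordAgeDays = 365,
        # Optional OU to scope the query, e.g. an OU holding administrative accounts.
        [string]$SearchBase
    )

    $cutoff = (Get-Date).AddDays(-$MaxPasswordAgeDays)

    $query = @{
        Filter     = 'Enabled -eq $true'
        Properties = 'PasswordLastSet', 'PasswordNeverExpires', 'AdminCount', 'LastLogonDate'
    }
    if ($SearchBase) { $query.SearchBase = $SearchBase }

    Get-ADUser @query | ForEach-Object {
        # A pwdLastSet of 0 surfaces as $null: the password was never set or a change is pending.
        if ($null -eq $_.PasswordLastSet) {
            $state = 'NeverSet'
        } elseif ($_.PasswordLastSet -lt $cutoff) {
            $state = 'Stale'
        } else {
            return   # within policy; skip this account
        }

        [pscustomobject]@{
            SamAccountName       = $_.SamAccountName
            State                = $state
            PasswordLastSet      = $_.PasswordLastSet
            PasswordAgeDays      = if ($_.PasswordLastSet) { [int]((Get-Date) - $_.PasswordLastSet).TotalDays } else { $null }
            PasswordNeverExpires = $_.PasswordNeverExpires
            # AdminCount = 1 marks accounts protected by AdminSDHolder, i.e. privileged ones.
            Privileged           = ($_.AdminCount -eq 1)
            LastLogonDate        = $_.LastLogonDate
        }
    } | Sort-Object -Property @{ Expression = 'Privileged'; Descending = $true }, PasswordLastSet
}

# Usage: privileged accounts first, then the oldest passwords.
Get-StalePasswordAccount -MaxPasswordAgeDays 365 |
    Format-Table SamAccountName, State, PasswordAgeDays, Privileged, PasswordNeverExpires -AutoSize
```

Accounts flagged NeverSet or with PasswordNeverExpires set deserve a separate review, since a maximum-age policy alone will not rotate them.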

See Also

Security baseline (FINAL) for Windows 10 v1903 and Windows Server v1903

NCSC - Password administration for system owners

NIST - Digital Identity Guidelines: Authentication and Lifecycle Management

Indicator Details

Name: User Account Using Old Password

Codename: C-USER-PASSWORD

Severity: Medium

MITRE ATT&CK Information:

Tactics: TA0004, TA0003

Techniques: T1078

Attacker Known Tools

van Hauser / THC: THC-Hydra

Solar Designer: John the Ripper

Jens Steube: Hashcat