Microsoft Windows SMB Registry : Winlogon Cached Password Weakness

This script is Copyright (C) 2003-2016 Tenable Network Security, Inc.


Synopsis :

User credentials are stored in memory.

Description :

The registry key 'HKLM\Software\Microsoft\WindowsNT\CurrentVersion\
Winlogon\CachedLogonsCount' is non-NULL. Using a non-NULL value for
the CachedLogonsCount key indicates that the remote Windows host
locally caches the passwords of the users when they login, in order to
continue to allow the users to login in the case of the failure of the
primary domain controller (PDC).

See also :

https://technet.microsoft.com/en-us/library/cc957390.aspx

Solution :

Use regedt32 and set the value of this registry key to 0.

Risk factor :

Low / CVSS Base Score : 2.6
(CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)

Family: Windows

Nessus Plugin ID: 11457 ()

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now