Microsoft Windows SMB Registry : Winlogon Cached Password Weakness

Low Nessus Plugin ID 11457


User credentials are stored in memory.


The registry key 'HKLM\Software\Microsoft\WindowsNT\CurrentVersion\ Winlogon\CachedLogonsCount' is not 0. Using a value greater than 0 for the CachedLogonsCount key indicates that the remote Windows host locally caches the passwords of the users when they login, in order to continue to allow the users to login in the case of the failure of the primary domain controller (PDC).


Use regedt32 and set the value of this registry key to 0.

See Also

Plugin Details

Severity: Low

ID: 11457

File Name: smb_reg_cachedlogons.nasl

Version: $Revision: 1.16 $

Type: local

Agent: windows

Family: Windows

Published: 2003/03/24

Modified: 2017/12/05

Dependencies: 10150, 10394, 10400

Risk Information

Risk Factor: Low


Base Score: 2.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N

Vulnerability Information

Required KB Items: SMB/transport, SMB/name, SMB/login, SMB/password, SMB/registry_access