Microsoft Windows SMB Registry : Winlogon Cached Password Weakness
Low Nessus Plugin ID 11457
SynopsisUser credentials are stored in memory.
DescriptionThe registry key 'HKLM\Software\Microsoft\WindowsNT\CurrentVersion\ Winlogon\CachedLogonsCount' is not 0. Using a value greater than 0 for the CachedLogonsCount key indicates that the remote Windows host locally caches the passwords of the users when they login, in order to continue to allow the users to login in the case of the failure of the primary domain controller (PDC).
SolutionUse regedt32 and set the value of this registry key to 0.