[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-34907-6

Platform: cpe:/o:microsoft:windows_8.1Date: (C)2015-10-14   (M)2023-07-04



Maximum password age This policy setting defines how long a user can use their password before it expires. Values for this policy setting range from 0 to 999 days. If you set the value to 0, the password will never expire. The default value for this policy setting is 42 days. Because attackers can crack passwords, the more frequently you change the password the less opportunity an attacker has to use a cracked password. However, the lower this value is set, the higher the potential for an increase in calls to help desk support due to users having to change their password or forgetting which password is current.


Parameter:

[max number of days]


Technical Mechanism:

(1) GPO: Computer ConfigurationWindows SettingsSecurity SettingsAccount PoliciesPassword Policy!Maximum password age (2) WMI: ###

CCSS Severity:CCSS Metrics:
CCSS Score : 5.6Attack Vector: NETWORK
Exploit Score: 2.2Attack Complexity: HIGH
Impact Score: 3.4Privileges Required: NONE
Severity: MEDIUMUser Interaction: NONE
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:LScope: UNCHANGED
 Confidentiality: LOW
 Integrity: LOW
 Availability: LOW
  

References:
Resource IdReference
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:22558


OVAL    1
oval:org.secpod.oval:def:22558
XCCDF    8
xccdf_org.secpod_benchmark_HIPAA_45CFR_164_Windows_8_1
xccdf_org.secpod_benchmark_ISO27001_Windows_8_1
xccdf_org.secpod_benchmark_NIST_800_53_r4_Windows_8_1
xccdf_org.secpod_benchmark_PCI_3_2_Windows_8_1
...

© SecPod Technologies