CCE-36180-8| Platform: cpe:/o:microsoft:windows_server_2012::r2 | Date: (C)2015-10-08 (M)2023-07-04 |
Contact PDC on logon failure
Defines whether a domain controller (DC) should attempt to verify with the PDC the password provided by a client if the DC failed to validate the password.
Contacting the PDC is useful in case the client?s password was recently changed and did not propagate to the DC yet. Users may want to disable this feature if the PDC is located over a slow WAN connection.
To enable this feature, click Enabled.
To disable this feature, click Disabled.
Parameter:
[enable/disable]
Technical Mechanism:
(1) GPO: Computer ConfigurationAdministrative TemplatesSystemNet Logon!Contact PDC on logon failure
(2) REG: HKEY_LOCAL_MACHINESoftwarePoliciesMicrosoftNetlogonParameters!AvoidPdcOnWan
| CCSS Severity: | CCSS Metrics: |
| CCSS Score : 8.1 | Attack Vector: NETWORK |
| Exploit Score: 2.2 | Attack Complexity: HIGH |
| Impact Score: 5.9 | Privileges Required: NONE |
| Severity: HIGH | User Interaction: NONE |
| Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | Scope: UNCHANGED |
| | Confidentiality: HIGH |
| | Integrity: HIGH |
| | Availability: HIGH |
| | |
References: | Resource Id | Reference |
|---|
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:27349 |
