CCE-42579-3| Platform: cpe:/o:microsoft:windows_10 | Date: (C)2016-09-23 (M)2023-07-04 |
Disable: 'Enable local admin password management'
Enables management of password for local administrator account
If you enable this setting, local administrator password is managed
If you disable or not configure this setting, local administrator password is NOT managed
Counter Measure:
Enable this setting.
Potential Impact:
Local administrator passwords are changed as managed.
Parameter:
[enable/disable]
Technical Mechanism:
(1) GPO: Computer ConfigurationAdministrative TemplatesLAPSEnable local admin password management
(2) REG: HKEY_LOCAL_MACHINESoftwarePoliciesMicrosoft ServicesAdmPwdAdmPwdEnabled
| CCSS Severity: | CCSS Metrics: |
| CCSS Score : 8.1 | Attack Vector: NETWORK |
| Exploit Score: 2.2 | Attack Complexity: HIGH |
| Impact Score: 5.9 | Privileges Required: NONE |
| Severity: HIGH | User Interaction: NONE |
| Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | Scope: UNCHANGED |
| | Confidentiality: HIGH |
| | Integrity: HIGH |
| | Availability: HIGH |
| | |
References: | Resource Id | Reference |
|---|
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:35151 |
