[Forgot Password]
Login  Register Subscribe

24128

 
 

131573

 
 

110507

 
 

909

 
 

86504

 
 

136

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-46005-5

Platform: win2016Date: (C)2017-08-03   (M)2018-07-10



"Accounts: Limit local account use of blank passwords to console logon only" This policy setting determines whether local accounts that are not password protected can be used to log on from locations other than the physical computer console. If you enable this policy setting, local accounts that have blank passwords will not be able to log on to the network from remote client computers. Such accounts will only be able to log on at the keyboard of the computer. Vulnerability: Blank passwords are a serious threat to computer security and should be forbidden through both organizational policy and suitable technical measures. In fact, the default settings for Active Directory * domains require complex passwords of at least seven characters. However, if users with the ability to create new accounts bypass your domain-based password policies, they could create accounts with blank passwords. For example, a user could build a stand-alone computer, create one or more accounts with blank passwords, and then join the computer to the domain. The local accounts with blank passwords would still function. Anyone who knows the name of one of these unprotected accounts could then use it to log on. Counter Measure: Enable the Accounts: Limit local account use of blank passwords to console logon only setting. Potential Impact: None. This is the default configuration.


Parameter: LimitBlankPasswordUse


Technical Mechanism: Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options (2) REG: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa!LimitBlankPasswordUse

References:

Resource IdReference
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:40307


OVAL    1
oval:org.secpod.oval:def:40307
XCCDF    5
xccdf_org.secpod_benchmark_general_Windows_Server_2016
xccdf_org.secpod_benchmark_NIST_800_53_r4_Windows_Server_2016
xccdf_org.secpod_benchmark_HIPAA_45CFR_164_Windows_Server_2016
xccdf_org.secpod_benchmark_NIST_800_171_R1_Windows_Server_2016
...

© SecPod Technologies