[Forgot Password]
Login  Register Subscribe

23631

 
 

122183

 
 

98060

 
 

909

 
 

79198

 
 

109

Paid content will be excluded from the download.


Download | Alert*
OVAL

Network security: Do not store LAN Manager hash value on next password change

ID: oval:gov.nist.usgcb.windowsseven:def:100Date: (C)2012-04-13   (M)2017-10-26
Class: COMPLIANCEFamily: windows




This security setting determines if, at the next password change, the LAN Manager (LM) hash value for the new password is stored. The LM hash is relatively weak and prone to attack, as compared with the cryptographically stronger Windows NT hash. Since the LM hash is stored on the local computer in the security database the passwords can be compromised if the security database is attacked. Default on Windows Vista and above: Enabled Default on Windows XP: Disabled. Important Windows 2000 Service Pack 2 (SP2) and above offer compatibility with authentication to previous versions of Windows, such as Microsoft Windows NT 4.0. This setting can affect the ability of computers running Windows 2000 Server, Windows 2000 Professional, Windows XP, and the Windows Server 2003 family to communicate with computers running Windows 95 and Windows 98. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network security: Do not store LAN Manager hash value on next password change (2) REG: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa!NoLMHash

Platform:
Microsoft Windows 7
Reference:
CCE-8937-5
CPE    1
cpe:/o:microsoft:windows_7
CCE    1
CCE-8937-5
XCCDF    10
xccdf_gov.nist_benchmark_USGCB-Windows-7
xccdf_nist_benchmark_Windows_7
xccdf_org.secpod_benchmark_Windows_7
xccdf_org.secpod_benchmark_NIST_800_53_r4_Windows_7
...

© 2013 SecPod Technologies