CCE-42533-0Platform: cpe:/o:microsoft:windows_10 | Date: (C)2016-09-23 (M)2023-07-04 |
Specify the 'Minimum PIN length' (MinimumPINLength Min:4 Max:127)
Minimum PIN length configures the minimum number of characters required for the work PIN. The lowest number you can configure for this policy setting is 4. The largest number you can configure must be less than the number configured in the Maximum PIN length policy setting or the number 127, whichever is the lowest.
If you configure this policy setting, the work PIN length must be greater than or equal to this number.
If you disable or do not configure this policy setting, the work PIN length must be greater than or equal to 4.
NOTE: If the above specified conditions for the minimum PIN length are not met, default values will be used for both the maximum and minimum PIN lengths.
Counter Measure:
Configure this setting depending on your organization's requirements.
Potential Impact:
The work PIN length may not be strong enough to provide adequate security.
Parameter:
[minimum pin length 4 to 127]
Technical Mechanism:
(1) GPO: Computer ConfigurationAdministrative TemplatesWindows ComponentsMicrosoft Passport for WorkPIN ComplexityMinimum PIN length
(2) REG: HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftPassportForWorkPINComplexityMinimumPINLength
CCSS Severity: | CCSS Metrics: |
CCSS Score : 8.1 | Attack Vector: NETWORK |
Exploit Score: 2.2 | Attack Complexity: HIGH |
Impact Score: 5.9 | Privileges Required: NONE |
Severity: HIGH | User Interaction: NONE |
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | Scope: UNCHANGED |
| Confidentiality: HIGH |
| Integrity: HIGH |
| Availability: HIGH |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:35128 |