CCE-97847-8| Platform: cpe:/o:microsoft:windows_server_2022:::x64 | Date: (C)2022-06-07 (M)2023-07-04 |
This setting specifies the number of past PINs that can be associated to a user account that can't be reused. This policy enables administrators to enhance security by ensuring that old PINs are not reused continually. PIN history is not preserved through PIN reset.
The value must be between 0 to 50 PINs. If this policy is set to 0, then storage of previous PINs is not required.
Default: 0.
Countermeasure:
Configure this setting depending on your organization's requirements.
Potential Impact:
PINs will need to be unique over the specified history.
Parameter:
[pin history]
Technical Mechanism:
(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Microsoft Passport for Work\PIN Complexity\History
(2) REG: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PassportForWork\PINComplexity!History
| CCSS Severity: | CCSS Metrics: |
| CCSS Score : 8.1 | Attack Vector: NETWORK |
| Exploit Score: 2.2 | Attack Complexity: HIGH |
| Impact Score: 5.9 | Privileges Required: NONE |
| Severity: HIGH | User Interaction: NONE |
| Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | Scope: UNCHANGED |
| | Confidentiality: HIGH |
| | Integrity: HIGH |
| | Availability: HIGH |
| | |
References: | Resource Id | Reference |
|---|
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:80879 |
