漏洞描述
Verifies if the system displays the last logged-in username, which may aid unauthorized access attempts.
display-last-username-enabled: Do Not Display Last User Name Disabled
PoC代码[已公开]
id: display-last-username-enabled
info:
name: Do Not Display Last User Name Disabled
author: princechaddha
severity: medium
description: Verifies if the system displays the last logged-in username, which may aid unauthorized access attempts.
impact: |
Displaying the last user name on the login screen can assist attackers in targeting accounts.
remediation: |
Enable the policy to hide the last logged-in username.
tags: login,username,code,windows-audit
self-contained: true
code:
- pre-condition: |
IsWindows();
engine:
- powershell
- powershell.exe
args:
- -ExecutionPolicy
- Bypass
pattern: "*.ps1"
source: |
Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -Name 'DontDisplayLastUserName'
matchers:
- type: word
words:
- "0"
# digest: 4a0a0047304502203d4b16268980d52ea1eef5e0b031e08229d104330d98d9eacf2b577a4402ca7a02210098aeb19e8a84d84f6313df06f81d07d777f2ae9043cab3ca3cad6d499f1cab6d:922c64590222798bb761d5b6d8e72950