漏洞描述
Checks if the maximum password age allows passwords to be used indefinitely.
id: max-password-age-too-high
info:
name: Maximum Password Age Set Too High or Unlimited
author: princechaddha
severity: medium
description: Checks if the maximum password age allows passwords to be used indefinitely.
impact: |
Allowing long or unlimited password lifetimes increases the risk of compromised credentials.
remediation: |
Set a reasonable maximum password age to force regular password changes.
tags: policy,code,windows-audit
self-contained: true
code:
- pre-condition: |
IsWindows();
engine:
- cmd
args:
- /c
pattern: "*.cmd"
source: |
net accounts
matchers:
- type: word
words:
- "Maximum password age (days): 0"
# digest: 4b0a004830460221009dd39474124d2a7b9d6be0e092610f8fe4d3f62fab7496062dff69edf290a984022100afdbcc717b11761d91ef8e9edfdfa22b31ee564cffcf2e1c237655f3c2abca5f:922c64590222798bb761d5b6d8e72950