max-password-age-too-high: Maximum Password Age Set Too High or Unlimited

日期: 2025-08-01 | 影响软件: max-password-age-too-high | POC: 已公开

漏洞描述

Checks if the maximum password age allows passwords to be used indefinitely.

PoC代码[已公开]

id: max-password-age-too-high

info:
  name: Maximum Password Age Set Too High or Unlimited
  author: princechaddha
  severity: medium
  description: Checks if the maximum password age allows passwords to be used indefinitely.
  impact: |
    Allowing long or unlimited password lifetimes increases the risk of compromised credentials.
  remediation: |
    Set a reasonable maximum password age to force regular password changes.
  tags: policy,code,windows-audit

self-contained: true

code:
  - pre-condition: |
      IsWindows();
    engine:
      - cmd
    args:
      - /c
    pattern: "*.cmd"
    source: |
      net accounts

    matchers:
      - type: word
        words:
          - "Maximum password age (days):                          0"
# digest: 4b0a004830460221009dd39474124d2a7b9d6be0e092610f8fe4d3f62fab7496062dff69edf290a984022100afdbcc717b11761d91ef8e9edfdfa22b31ee564cffcf2e1c237655f3c2abca5f:922c64590222798bb761d5b6d8e72950