minimum-password-age-zero: Minimum Password Age Set to Zero

Date: 2025-08-01 | Affected software: minimum-password-age-zero | PoC: public

Vulnerability description

Checks if the minimum password age is set to zero, allowing immediate password changes and potential reuse.

PoC code [public]

id: minimum-password-age-zero

info:
  name: Minimum Password Age Set to Zero
  author: princechaddha
  severity: medium
  description: Checks if the minimum password age is set to zero, allowing immediate password changes and potential reuse.
  impact: |
    Allowing a password age of zero may lead to the rapid reuse of weak passwords, reducing account security.
  remediation: |
    Set a reasonable minimum password age to prevent users from reusing old passwords frequently.
  tags: windows, password, policy, code, windows-audit

self-contained: true

code:
  - pre-condition: |
      IsWindows();
    engine:
      - cmd
    args:
      - /c
    pattern: "*.cmd"
    source: |
      net accounts

    matchers-condition: and
    matchers:
      # Fires when `net accounts` reports a minimum password age of 0 days.
      - type: word
        words:
          - "Minimum password age (days):                          0"

      - type: word
        words:
          - "Minimum password age"
# digest: 4a0a004730450220290c173453310c97a4cf343b2305a0dda63b10bab7b977502b2e9b8ceb74c74c022100e01f81b587d051cca84137419943af7eccbb4fb82b4e009e97399d44f355ab0f:922c64590222798bb761d5b6d8e72950
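
An added example (not part of the template or of the nuclei-templates project): the same `net accounts` check done by parsing the field value instead of matching a fixed-width string, so different column padding or CRLF line endings do not change the result, and a missing field is reported as unknown rather than as compliant. The function names and the sample output are constructed for illustration; the field labels assume an English-locale Windows host.

```python
import re
import subprocess
import sys

# Constructed sample of English-locale `net accounts` output, not captured from a real host.
SAMPLE = """\
Force user logoff how long after time expires?:       Never
Minimum password age (days):                          0
Maximum password age (days):                          42
Minimum password length:                              7
Length of password history maintained:                5
The command completed successfully.
"""

# "label: value" lines; tolerates any run of spaces/tabs and CRLF line endings.
_FIELD = re.compile(r"^[ \t]*([^:\r\n]+?)[ \t]*:[ \t]*(\S[^\r\n]*?)[ \t]*\r?$", re.M)


def parse_net_accounts(text):
    """Map lower-cased field labels to their raw string values."""
    return {name.lower(): value for name, value in _FIELD.findall(text)}


def audit_min_password_age(text):
    """Return (status, detail); status is 'finding', 'ok' or 'unknown'."""
    policy = parse_net_accounts(text)
    raw = policy.get("minimum password age (days)")
    if raw is None:
        # Localized Windows or a failed command: report it, do not assume compliance.
        return "unknown", "minimum password age field not found"
    if not raw.isdigit():
        return "unknown", f"unexpected value {raw!r}"
    history = policy.get("length of password history maintained", "not reported")
    if int(raw) == 0:
        # With age 0 a user can change passwords back-to-back until the history
        # list rolls over, then set the old password again.
        return "finding", f"minimum age 0 days; password history: {history}"
    return "ok", f"minimum age {int(raw)} days; password history: {history}"


if __name__ == "__main__":
    if sys.platform == "win32":
        text = subprocess.run(["net", "accounts"], capture_output=True, text=True).stdout
    else:
        text = SAMPLE  # off Windows, fall back to the constructed sample
    status, detail = audit_min_password_age(text)
    print(f"{status}: {detail}")
    sys.exit(1 if status == "finding" else 0)
```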