漏洞描述
Checks if password complexity requirements are disabled.
password-complexity-disabled: Password Complexity Requirements Disabled
PoC代码[已公开]
id: password-complexity-disabled
info:
name: Password Complexity Requirements Disabled
author: princechaddha
severity: high
description: Checks if password complexity requirements are disabled.
impact: |
Disabling password complexity can lead to the use of weak, easily guessable passwords, increasing the risk of unauthorized access.
remediation: |
Enable password complexity requirements to enforce the use of strong, hard-to-guess passwords.
tags: windows,code,windows-audit
self-contained: true
code:
- pre-condition: |
IsWindows();
engine:
- powershell
- powershell.exe
args:
- -ExecutionPolicy
- Bypass
pattern: "*.ps1"
source: |
if ((Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -Name 'LimitBlankPasswordUse').LimitBlankPasswordUse -eq 0) { "Password complexity is disabled" }
matchers:
- type: word
words:
- "Password complexity is disabled"
# digest: 490a004630440220440bdc1b013ac0c60358a624de84dab4b1350123922ac26a4f1bd773ea25605b02204383724a3fb14cb231d4235952e3c5fd3252b781cc38f122b061488e014239e9:922c64590222798bb761d5b6d8e72950