漏洞描述
Checks if the password history count is too low or not configured, allowing password reuse.
password-history-size-low: Password History Size Too Low
PoC代码[已公开]
id: password-history-size-low
info:
name: Password History Size Too Low
author: princechaddha
severity: medium
description: Checks if the password history count is too low or not configured, allowing password reuse.
impact: |
A low or unset password history setting may allow users to reuse recently used passwords, increasing the risk of password compromise.
remediation: |
Increase the password history count to at least 24 previous passwords to prevent rapid reuse of old passwords.
tags: password,history,code,windows-audit
self-contained: true
code:
- pre-condition: |
IsWindows();
engine:
- powershell
- powershell.exe
args:
- -ExecutionPolicy
- Bypass
pattern: "*.ps1"
source: |
$policy = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name 'PasswordHistorySize' -ErrorAction SilentlyContinue; if ($null -eq $policy.PasswordHistorySize -or $policy.PasswordHistorySize -lt 24) { "Password history size is too low or not configured." }
matchers:
- type: word
words:
- "Password history size is too low or not configured."
# digest: 490a0046304402203e0102b187d0183a2057d5c8c378c59de1d3be9b3ac4e084186d449a42eaed2502205b7e4e1790f8bc3f7bc32838460f9c829cee60791954b8ff6c7fed09cd0bbf09:922c64590222798bb761d5b6d8e72950