windows-min-password-length-short: Minimum Password Length Too Short

日期: 2025-08-01 | 影响软件: windows-min-password-length-short | POC: 已公开

漏洞描述

Checks if the minimum password length for local accounts is set to less than 8 characters.

PoC代码[已公开]

id: windows-min-password-length-short

info:
  name: Minimum Password Length Too Short
  author: princechaddha
  severity: high
  description: Checks if the minimum password length for local accounts is set to less than 8 characters.
  impact: |
    Short passwords are easier to crack, compromising system security.
  remediation: |
    Set the minimum password length to at least 8 characters for local accounts.
  tags: windows,code,windows-audit

self-contained: true

code:
  - pre-condition: |
      IsWindows();
    engine:
      - powershell.exe
    args:
      - -ExecutionPolicy
      - Bypass
    pattern: "*.ps1"
    source: |
      $policy = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters' -Name 'MinimumPasswordLength' -ErrorAction SilentlyContinue;
      if ($policy -and $policy.MinimumPasswordLength -lt 8) {
        Write-Output 'Minimum password length is too short';
      }

    matchers:
      - type: word
        part: body
        words:
          - "Minimum password length is too short"
# digest: 4a0a0047304502204e6bdfeaa63c2f82aecf403219c418ccc031cf895041ebca8f70497036d68223022100a77590df5011a21be573db6fb0ad405e8e7ec0e0ae3cac5ed5403380841d4b53:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/./code/windows/audit/windows-min-password-length-short.yaml