| VID |
27035 |
| Severity |
40 |
| Port |
135 |
| Protocol |
TCP |
| Class |
WMI |
| Detailed Description |
Administrator account, even when they log on as many times fail because they do not block access to the absolute system to attack the password for this account, people can still tries to infer.
Thus, by changing the name of the administrator account password, as well as the account name, the attacker also can give difficulty to be inferred.
Another way the number of failed logon attempts in the security policy settings by setting the account lockout due to brute force attack or dictionary attack can cope with.
Been set to the Administrator account in the 'Administrator' account with a different name, change the 'Administrator' account to create a fake way that does not give any permission, which can be used, this method "security through " one of foreordained. Bogus is that you create an account.
* Platforms Affected:
Microsoft Windows Any version |
| Recommendation |
Should stop using the Administrator account, and creating a separate Administrator account must be used.
A user with Administrator privileges shall be limited to the minimum number. In addition, Password at least 8 character numbers and English, and special characters should be used in combination.
1. Run> LUSRMGR.MSC> Users> Administrator> Properties
2. Check to disable the Administrator account, and create a user account for Administrators. |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
