| VID |
27044 |
| Severity |
40 |
| Port |
135 |
| Protocol |
TCP |
| Class |
WMI |
| Detailed Description |
Using an automated method, an attacker may attempt to attack for every user account by password combination. Account lockout threshold should be set to limit the number of failed logon attempts.
* Platforms Affected:
Microsoft Windows Any version |
| Recommendation |
Setting the 'Account lockout threshold' value '5' or below
1. Run> SECPOL.MSC> Account Policies> Account Lockout Policy> Account lockout threshold
2. 'invalid logon attempts' setting the value '5' or below |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
