| VID |
27045 |
| Severity |
40 |
| Port |
135 |
| Protocol |
TCP |
| Class |
WMI |
| Detailed Description |
If an application protocol is supported that requires knowing the user's password for authentication, the password is stored in a decipherable manner so that an attacker who uses a password attack can log on to a network resource using an exposed account.
* Platforms Affected:
Microsoft Windows Any version |
| Recommendation |
Setting the 'Store passwords using reversible encryption' value 'Disabled'
1. Run> SECPOL.MSC> Account Policies> Password Policy > Store passwords using reversible encryption
2. Check 'Disabled' |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
