| VID |
28019 |
| Severity |
40 |
| Port |
139 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The password history length ay system password policy is not set. Windows NT will prevent a user from reusing the number of passwords specified by the password history length. Set the password history length value so that it equals or exceeds the recommended value. If your security policy has it, then use it or more than 3 is recommended.
* Platforms Affected :
Microsoft Windows Any version
* References:
http://all.net/journal/netsec/9709.html
http://www.iss.net/security_center/static/223.php |
| Recommendation |
To change the password history value, follow the steps below, appropriate for your platform.
In Windows NT:
1. Open User Manager. (From the Windows NT Start menu, select Programs, Administrative Tools (Common), User Manager.)
2. From the Policies menu, select Account to display the Account Policy dialog box.
3. In the Password Uniqueness box, set the value to remember to at least the value specified by the your policy or recommended.
4. Click OK.
For a Windows 2000 domain:
1. Start Microsoft Management Console (MMC).
2. Add Group Policy Snap-in.
3. Browse Group Policy Objects.
4. Select the Domain Policy of interest.
5. Traverse the following path: Computer Configuration, Windows Settings, Security Settings, Account Policies, Password Policy, Password History
6. Set the Password History to desired value.
For stand-alone Windows 2000 machines:
1. On the computer of interest, start gpedit.msc. The focus is local computer by default.
2. Traverse the following path: Computer Configuration, Windows Settings, Security Settings, Account Policies, Password Policy, Password History
3. Set the Password History to desired value.
For Windows XP, 2003, VISTA, 7, 2008, 8, 2012, 10, 2016, 2019:
1. Go to Start menu -> Run and Type 'gpedit.msc'
2. Traverse the following path: Computer Configuration, Windows Settings, Security Settings, Account Policies, Password Policy, Password History
3. Set the Password History to desired value. |
| Related URL |
CVE-1999-0535 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
