| VID | 28020 |
| Severity | 20 |
| Port | 139 |
| Protocol | TCP |
| Class | SMB |
| Detailed Description |
The maximum password age in the system password policy is not set. Passwords should be changed on a regular basis. Set the maximum password age so that it is equal to or less than the recommended value. A value of 30 to 42 days is recommended.
* Platforms Affected: Microsoft Windows, any version |
| Recommendation |
To configure the maximum password age, follow the steps below that are appropriate for your platform.

In Windows NT:
1. Open User Manager. (From the Windows NT Start menu, select Programs, Administrative Tools (Common), User Manager.)
2. From the Policies menu, select Account to display the Account Policy dialog box.
3. In the Maximum Password Age field, set the Allow Changes In value to at most the value specified by the current policy.
4. Click OK.

For a Windows 2000 domain:
1. Start Microsoft Management Console (MMC).
2. Add the Group Policy Snap-in.
3. Browse Group Policy Objects.
4. Select the Domain Policy of interest.
5. Traverse the following path: Computer Configuration, Windows Settings, Security Settings, Account Policies, Password Policy, Maximum Password Age.
6. Set the Maximum Password Age to the desired value.

For a stand-alone Windows 2000 machine:
1. On the computer of interest, start gpedit.msc. The focus is the local computer by default.
2. Traverse the following path: Computer Configuration, Windows Settings, Security Settings, Account Policies, Password Policy, Maximum Password Age.
3. Set the Maximum Password Age to the desired value.

For Windows XP, 2003, Vista, 7, 2008, 8, 2012, 10, 2016, 2019:
1. Go to Start menu -> Run and type 'gpedit.msc'.
2. Traverse the following path: Computer Configuration, Windows Settings, Security Settings, Account Policies, Password Policy, Maximum Password Age.
3. Set the Maximum Password Age to the desired value. |
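
To confirm the setting after following the steps above, the policy can be exported with `secedit` and checked against the recommended 42-day upper bound. This is an added example, not part of the original check or the scanner's own code; the function names, the temporary file name and the sample export are constructed for illustration, and the live check assumes an elevated PowerShell prompt.

```powershell
# Added example: audit Maximum Password Age on the local machine.
# Function names and the 42-day default limit are this example's assumptions.

function Get-MaxPasswordAgeFromInf {
    # Pull MaximumPasswordAge out of the [System Access] section of a secedit export.
    param([string[]]$InfLines)
    $inSection = $false
    foreach ($line in $InfLines) {
        if ($line -match '^\s*\[(.+)\]\s*$') {
            $inSection = ($Matches[1] -eq 'System Access')
            continue
        }
        if ($inSection -and $line -match '^\s*MaximumPasswordAge\s*=\s*(-?\d+)\s*$') {
            return [int]$Matches[1]
        }
    }
    return $null   # setting absent from the export
}

function Test-MaxPasswordAge {
    param($Days, [int]$Limit = 42)
    if ($null -eq $Days) { return 'UNKNOWN: MaximumPasswordAge not found' }
    # secedit exports -1 when passwords never expire; 0 is treated the same way.
    if ($Days -le 0)      { return "FAIL: passwords never expire (value $Days)" }
    if ($Days -gt $Limit) { return "FAIL: $Days days exceeds the limit of $Limit days" }
    return "PASS: maximum password age is $Days days"
}

# Constructed sample export, so the parsing can be tried without elevation.
$sample = @(
    '[Unicode]', 'Unicode=yes',
    '[System Access]', 'MinimumPasswordAge = 0', 'MaximumPasswordAge = -1',
    '[Version]', 'signature="$CHICAGO$"'
)
Test-MaxPasswordAge (Get-MaxPasswordAgeFromInf $sample)

# Live check (elevated prompt): export the effective security policy and test it.
$cfg = Join-Path $env:TEMP 'secpol-audit.inf'
secedit /export /cfg $cfg /areas SECURITYPOLICY | Out-Null
if (Test-Path $cfg) {
    Test-MaxPasswordAge (Get-MaxPasswordAgeFromInf (Get-Content $cfg))
    Remove-Item $cfg
}
```

On a domain-joined machine the exported value reflects the policy applied to the local account database; domain accounts follow the password policy set in the domain's Group Policy.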
| Related URL | (CVE) |
| Related URL | (SecurityFocus) |
| Related URL | (ISS) |