VID 28339
Severity 20
Port 139,445
Protocol TCP
Class SMB
Detailed Description The Account Lockout Duration value is not set, or is less than the value defined in the security policy. If the duration is too short, or if account lockouts are not enabled, attackers can easily brute force your accounts.
This security setting determines the number of minutes a locked-out account remains locked out before automatically becoming unlocked. The available range is from 0 minutes through 99,999 minutes. If you set the account lockout duration to 0, the account will be locked out until an administrator explicitly unlocks it.
If an account lockout threshold is defined, the account lockout duration must be greater than or equal to the reset time. This policy setting is not enabled by default, and only has meaning when an Account lockout threshold is specified.

* Related URLs:
http://www.securityfocus.com/infocus/1297
http://www.microsoft.com/technet/security/topics/issues/W2kCCSCG/W2kSCGce.asp
http://hq.mcafeeasap.com/vulnerabilities/vuln_data/25000.asp

* Platforms Affected:
Windows Any version
Recommendation Set the Account Lockout Duration value so that it equals or exceeds the value in the current policy. To change the Account Lockout Duration value:

For Windows NT:
1. Open User Manager. (From the Windows NT Start menu, select Programs, Administrative Tools (Common), and User Manager.)
2. From the Policies menu, select Account to display the Account Policy dialog box.
3. Enable Account Lockout.
4. Set the Duration field to a value that is greater than or equal to the value in the current policy.
5. Click OK.

For a Windows 2000 domain:
1. Start Microsoft Management Console (mmc). From the Windows Start menu, select Run, type mmc, and click OK.
2. Add Group Policy Snap-in.
3. Browse Group Policy Objects.
4. Select the Domain Policy of interest.
5. Traverse the following path:
Computer Configuration, Windows Settings, Security Settings, Account Policies, Account Lockout Policy.
6. Set the Account Lockout Duration to the desired value, according to your administration policy.

For a stand-alone Windows 2000 computer:
1. On the affected computer, start gpedit.msc. From the Windows Start menu, select Run, type gpedit.msc, and click OK. The focus is local computer by default.
2. Traverse the following path:
Computer Configuration, Windows Settings, Security Settings, Account Policies, Account Lockout Policy.
3. Set the Account Lockout Duration to the desired value, according to your administration policy.

For Windows XP, 2003, 7, 2008, 8, 2012, 10, 2016, 2019 computers:
1. On the affected computer, start gpedit.msc. From the Windows Start menu, select Run, type gpedit.msc, and click OK. The focus is local computer by default.
2. Traverse the following path:
Computer Configuration, Windows Settings, Security Settings, Account Policies, Account Lockout Policy.
3. Set the Account Lockout Duration to the desired value, according to your administration policy.
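As an added example that is not part of this scanner record, the following PowerShell exports the effective local Account Lockout Policy with secedit and checks the three lockout values against the constraints stated in the description (threshold enabled, duration at or above the reset window, duration at or above the policy minimum). The RequiredMinutes value is an assumed placeholder; substitute the minimum from your own security policy.

```powershell
# Added example, not the scanner's own check. Requires an elevated session.
function Test-LockoutPolicy {
    param(
        [Parameter(Mandatory)][string[]]$InfLines,  # lines of a "secedit /export" INF file
        [int]$RequiredMinutes = 30                  # assumed policy minimum; adjust to yours
    )
    # secedit writes these keys under [System Access]; LockoutDuration and
    # ResetLockoutCount are omitted when the threshold is 0 (lockout disabled).
    $values = @{}
    foreach ($line in $InfLines) {
        if ($line -match '^\s*(LockoutBadCount|LockoutDuration|ResetLockoutCount)\s*=\s*(-?\d+)') {
            $values[$Matches[1]] = [int]$Matches[2]
        }
    }
    $findings  = New-Object System.Collections.Generic.List[string]
    $threshold = if ($values.ContainsKey('LockoutBadCount')) { $values['LockoutBadCount'] } else { 0 }
    if ($threshold -le 0) {
        $findings.Add('Account lockout threshold is 0: lockout is disabled, so no duration applies')
    } elseif (-not ($values.ContainsKey('LockoutDuration') -and $values.ContainsKey('ResetLockoutCount'))) {
        $findings.Add('Threshold is set but LockoutDuration/ResetLockoutCount are missing from the export')
    } else {
        $duration = $values['LockoutDuration']
        $reset    = $values['ResetLockoutCount']
        # A duration of 0 means "locked until an administrator unlocks", which
        # satisfies any minimum and is always at least the reset window.
        if ($duration -ne 0 -and $duration -lt $RequiredMinutes) {
            $findings.Add("Lockout duration $duration min is below the required $RequiredMinutes min")
        }
        if ($duration -ne 0 -and $duration -lt $reset) {
            $findings.Add("Lockout duration $duration min is shorter than the reset window of $reset min")
        }
    }
    [pscustomobject]@{
        Values    = $values
        Findings  = $findings
        Compliant = ($findings.Count -eq 0)
    }
}

# Export the effective local security policy to a temporary INF and audit it.
$inf = Join-Path $env:TEMP 'lockout-audit.inf'
secedit /export /cfg $inf /areas SECURITYPOLICY | Out-Null
$result = Test-LockoutPolicy -InfLines (Get-Content $inf) -RequiredMinutes 30
Remove-Item $inf -ErrorAction SilentlyContinue
$result.Findings | ForEach-Object { Write-Warning $_ }
$result
```

On a domain-joined machine the exported values reflect the Default Domain Policy applied to it, so the same function can be run against an INF produced on any member to confirm the domain setting took effect.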
Related URL CVE-1999-0582 (CVE)
Related URL (SecurityFocus)
Related URL 224 (ISS)